βΌ CVE-2022-32250 βΌ
π Read
via "National Vulnerability Database".
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26866 βΌ
π Read
via "National Vulnerability Database".
Dell PowerStore Versions before v2.1.1.0. contains a Stored Cross-Site Scripting vulnerability. A high privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29085 βΌ
π Read
via "National Vulnerability Database".
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42877 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29084 βΌ
π Read
via "National Vulnerability Database".
Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29767 βΌ
π Read
via "National Vulnerability Database".
adbyby v2.7 allows external users to make connections via port 8118. This can cause a program logic error and lead to a Denial of Service (DoS) via high CPU usage due to a large number of connections.π Read
via "National Vulnerability Database".
π’ IT Pro News In Review: Businesses cancel cyber policies, EE milestone, Costa Rica Conti attack π’
π Read
via "ITPro".
Catch up on the biggest headlines of the week in just two minutesπ Read
via "ITPro".
IT PRO
IT Pro News In Review: Businesses cancel cyber policies, EE milestone, Costa Rica Conti attack
Catch up on the biggest headlines of the week in just two minutes
π’ The cookie phase-out might precede an AdTech apocalypse π’
π Read
via "ITPro".
With the industry phasing out third-party cookies, what does this mean for businesses reliant on them to track and improve their campaigns?π Read
via "ITPro".
IT PRO
The cookie phase-out might precede an AdTech apocalypse | IT PRO
With the industry phasing out third-party cookies, what does this mean for businesses reliant on them to track and improve their campaigns?
π’ DOE βββββββββββββββfundsβ βdevelopment of Qunnect's Quantum Repeater π’
π Read
via "ITPro".
The $1.85 million grant will eventually pave the way for quantum internetπ Read
via "ITPro".
IT PRO
DOE βββββββββββββββfundsβ βdevelopment of Qunnect's Quantum Repeater | IT PRO
The $1.85 million grant will eventually pave the way for quantum internet
π’ Ministry of Defence pledges resilience to all known vulnerabilities and cyber attack methods by 2030 π’
π Read
via "ITPro".
New MoD cyber security strategy is underpinned by a 'secure by design' approach that will run across the organisationπ Read
via "ITPro".
IT PRO
Ministry of Defence pledges resilience to all known vulnerabilities and cyber attack methods by 2030 | IT PRO
New MoD cyber security strategy is underpinned by a 'secure by design' approach that will run across the organisation
βΌ CVE-2022-32271 βΌ
π Read
via "National Vulnerability Database".
In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary local files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1987 βΌ
π Read
via "National Vulnerability Database".
Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32265 βΌ
π Read
via "National Vulnerability Database".
qDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1988 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32270 βΌ
π Read
via "National Vulnerability Database".
In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur).π Read
via "National Vulnerability Database".
βΌ CVE-2022-32268 βΌ
π Read
via "National Vulnerability Database".
StarWind SAN and NAS v0.2 build 1914 allow remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32269 βΌ
π Read
via "National Vulnerability Database".
In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). This leads to arbitrary code execution.π Read
via "National Vulnerability Database".
π’ Second ransomware group attacks Costa Rica π’
π Read
via "ITPro".
The countryβs health service has had its systems affected by the new attackπ Read
via "ITPro".
IT PRO
Second ransomware group attacks Costa Rica | IT PRO
The countryβs health service has had its systems affected by the new attack
π’ Zscaler and Siemens team up to provide all-in-one digital transformation solution π’
π Read
via "ITPro".
Zscaler-powered zero trust OT security platform is now available globally via Siemensπ Read
via "ITPro".
IT PRO
Zscaler and Siemens team up to provide all-in-one digital transformation solution | IT PRO
Zscaler-powered zero trust OT security platform is now available globally via Siemens
π’ GitHub Enterprise Server 3.5 is equipped with a horde of new security protections π’
π Read
via "ITPro".
Admins are also given more controls to ensure the smooth running of servers, be it on-prem or in the cloudπ Read
via "ITPro".
IT PRO
GitHub Enterprise Server 3.5 is equipped with a horde of new security protections | IT PRO
Admins are also given more controls to ensure the smooth running of servers, be it on-prem or in the cloud
π’ What is your digital footprint? π’
π Read
via "ITPro".
Your digital footprint is always growing β so we explore how you can keep it under controlπ Read
via "ITPro".
IT PRO
What is your digital footprint? | IT PRO
Your digital footprint is always growing β so we explore how you can keep it under control