βΌ CVE-2022-31479 βΌ
π Read
via "National Vulnerability Database".
An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. The injected commands only get executed during start up or when unsafe calls regarding the hostname are used. This allows the attacker to gain remote access to the device and can make their persistence permanent by modifying the filesystem.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2021-39947 βΌ
π Read
via "National Vulnerability Database".
In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobsπ Read
via "National Vulnerability Database".
βΌ CVE-2022-31480 βΌ
π Read
via "National Vulnerability Database".
An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The attacker needs to have a properly signed and encrypted binary, loading the firmware to the device ultimately triggers a reboot.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31482 βΌ
π Read
via "National Vulnerability Database".
An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31483 βΌ
π Read
via "National Vulnerability Database".
An authenticated attacker can upload a file with a filename including Γ’β¬Ε..Γ’β¬οΏ½ and Γ’β¬Ε/Γ’β¬οΏ½ to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.271. This allows a malicious actor to overwrite sensitive system files and install a startup service to gain remote access to the underlaying Linux operating system with root privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31486 βΌ
π Read
via "National Vulnerability Database".
An authenticated attacker can send a specially crafted route to the Γ’β¬Εedit_route.cgiΓ’β¬οΏ½ binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303 for the LP series and 1.297 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1936 βΌ
π Read
via "National Vulnerability Database".
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP address restrictions were configuredπ Read
via "National Vulnerability Database".
βΌ CVE-2022-31485 βΌ
π Read
via "National Vulnerability Database".
An unauthenticated attacker can send a specially crafted packets to update the Γ’β¬ΕnotesΓ’β¬οΏ½ section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1821 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their parent group.π Read
via "National Vulnerability Database".
π΄ Optiv Launches Cyber Recovery Solution Focused on Protection and Rapid Recovery π΄
π Read
via "Dark Reading".
CMS helps minimize the impact a cyberattack has on business operations, finances and reputation.π Read
via "Dark Reading".
Dark Reading
Optiv Launches Cyber Recovery Solution Focused on Protection and Rapid Recovery
CRS helps minimize the impact a cyberattack has on business operations, finances and reputation.
π΄ BigID Introduces Cloud Data Security On Demand π΄
π Read
via "Dark Reading".
New SmallID offering brings cloud-native data privacy and protection to organizations of all sizes.π Read
via "Dark Reading".
Dark Reading
BigID Introduces Cloud Data Security On Demand
New SmallID offering brings cloud-native data privacy and protection to organizations of all sizes.
π Latest Federal Data Privacy Bill Has Bipartisan Support π
π Read
via "".
Thereβs been countless data privacy acts introduced over the years but the American Data Privacy and Protection Act, introduced Friday, is the first with bipartisan promise.π Read
via "".
βΌ CVE-2022-32275 βΌ
π Read
via "National Vulnerability Database".
Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21758 βΌ
π Read
via "National Vulnerability Database".
In ccu, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06439600; Issue ID: ALPS06439600.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22396 βΌ
π Read
via "National Vulnerability Database".
Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are not printed. IBM X-Force ID: 222231.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1550 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21749 βΌ
π Read
via "National Vulnerability Database".
In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06511058; Issue ID: ALPS06511058.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1966 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c. This flaw allows a local attacker with user access to cause a privilege escalation issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1680 βΌ
π Read
via "National Vulnerability Database".
An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature (available only on Premium+ subscriptions) may allow any owner of a Premium group to invite arbitrary users through their username and email, then change those users' email addresses via SCIM to an attacker controlled email address and thus - in the absence of 2FA - take over those accounts. It is also possible for the attacker to change the display name and username of the targeted account.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28224 βΌ
π Read
via "National Vulnerability Database".
Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21752 βΌ
π Read
via "National Vulnerability Database".
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06493873; Issue ID: ALPS06493873.π Read
via "National Vulnerability Database".