π΄ Optiv Launches Cyber Recovery Solution Focused on Protection and Rapid Recovery π΄
π Read
via "Dark Reading".
CMS helps minimize the impact a cyberattack has on business operations, finances and reputation.π Read
via "Dark Reading".
Dark Reading
Optiv Launches Cyber Recovery Solution Focused on Protection and Rapid Recovery
CRS helps minimize the impact a cyberattack has on business operations, finances and reputation.
π΄ BigID Introduces Cloud Data Security On Demand π΄
π Read
via "Dark Reading".
New SmallID offering brings cloud-native data privacy and protection to organizations of all sizes.π Read
via "Dark Reading".
Dark Reading
BigID Introduces Cloud Data Security On Demand
New SmallID offering brings cloud-native data privacy and protection to organizations of all sizes.
π Latest Federal Data Privacy Bill Has Bipartisan Support π
π Read
via "".
Thereβs been countless data privacy acts introduced over the years but the American Data Privacy and Protection Act, introduced Friday, is the first with bipartisan promise.π Read
via "".
βΌ CVE-2022-32275 βΌ
π Read
via "National Vulnerability Database".
Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21758 βΌ
π Read
via "National Vulnerability Database".
In ccu, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06439600; Issue ID: ALPS06439600.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22396 βΌ
π Read
via "National Vulnerability Database".
Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are not printed. IBM X-Force ID: 222231.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1550 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21749 βΌ
π Read
via "National Vulnerability Database".
In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06511058; Issue ID: ALPS06511058.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1966 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c. This flaw allows a local attacker with user access to cause a privilege escalation issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1680 βΌ
π Read
via "National Vulnerability Database".
An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature (available only on Premium+ subscriptions) may allow any owner of a Premium group to invite arbitrary users through their username and email, then change those users' email addresses via SCIM to an attacker controlled email address and thus - in the absence of 2FA - take over those accounts. It is also possible for the attacker to change the display name and username of the targeted account.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28224 βΌ
π Read
via "National Vulnerability Database".
Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21752 βΌ
π Read
via "National Vulnerability Database".
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06493873; Issue ID: ALPS06493873.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31493 βΌ
π Read
via "National Vulnerability Database".
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30586 βΌ
π Read
via "National Vulnerability Database".
Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21756 βΌ
π Read
via "National Vulnerability Database".
In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06535950; Issue ID: ALPS06535950.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23712 βΌ
π Read
via "National Vulnerability Database".
A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21755 βΌ
π Read
via "National Vulnerability Database".
In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06545464; Issue ID: ALPS06545464.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21745 βΌ
π Read
via "National Vulnerability Database".
In WIFI Firmware, there is a possible memory corruption due to a use after free. This could lead to remote escalation of privilege, when devices are connecting to the attacker-controllable Wi-Fi hotspot, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468872; Issue ID: ALPS06468872.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31768 βΌ
π Read
via "National Vulnerability Database".
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21754 βΌ
π Read
via "National Vulnerability Database".
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06535953; Issue ID: ALPS06535953.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21751 βΌ
π Read
via "National Vulnerability Database".
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06511132; Issue ID: ALPS06511132.π Read
via "National Vulnerability Database".