🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-32275 ‼

Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI.

via "National Vulnerability Database".
‼ CVE-2022-21758 ‼

In ccu, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06439600; Issue ID: ALPS06439600.

via "National Vulnerability Database".
‼ CVE-2022-22396 ‼

Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are not printed. IBM X-Force ID: 222231.

via "National Vulnerability Database".
‼ CVE-2022-1550 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

via "National Vulnerability Database".
‼ CVE-2022-21749 ‼

In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06511058; Issue ID: ALPS06511058.

via "National Vulnerability Database".
‼ CVE-2022-1966 ‼

A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c. This flaw allows a local attacker with user access to cause a privilege escalation issue.

via "National Vulnerability Database".
‼ CVE-2022-1680 ‼

An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature (available only on Premium+ subscriptions) may allow any owner of a Premium group to invite arbitrary users through their username and email, then change those users' email addresses via SCIM to an attacker controlled email address and thus - in the absence of 2FA - take over those accounts. It is also possible for the attacker to change the display name and username of the targeted account.

via "National Vulnerability Database".
‼ CVE-2022-28224 ‼

Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod.

via "National Vulnerability Database".
‼ CVE-2022-21752 ‼

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06493873; Issue ID: ALPS06493873.

via "National Vulnerability Database".
‼ CVE-2022-31493 ‼

LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS.

via "National Vulnerability Database".
‼ CVE-2022-30586 ‼

Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution.

via "National Vulnerability Database".
‼ CVE-2022-21756 ‼

In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06535950; Issue ID: ALPS06535950.

via "National Vulnerability Database".
‼ CVE-2022-23712 ‼

A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request.

via "National Vulnerability Database".
‼ CVE-2022-21755 ‼

In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06545464; Issue ID: ALPS06545464.

via "National Vulnerability Database".
‼ CVE-2022-21745 ‼

In WIFI Firmware, there is a possible memory corruption due to a use after free. This could lead to remote escalation of privilege, when devices are connecting to the attacker-controllable Wi-Fi hotspot, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468872; Issue ID: ALPS06468872.

via "National Vulnerability Database".
‼ CVE-2022-31768 ‼

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

via "National Vulnerability Database".
‼ CVE-2022-21754 ‼

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06535953; Issue ID: ALPS06535953.

via "National Vulnerability Database".
‼ CVE-2022-21751 ‼

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06511132; Issue ID: ALPS06511132.

via "National Vulnerability Database".
‼ CVE-2022-21757 ‼

In WIFI Firmware, there is a possible system crash due to a missing count check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468894; Issue ID: ALPS06468894.

via "National Vulnerability Database".
‼ CVE-2022-21750 ‼

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521283; Issue ID: ALPS06521283.

via "National Vulnerability Database".
🕴 Communication Is Key to CISO Success 🕴

A panel of CISOs at the RSA Conference outlined what a successful first 90-day plan looks like, and it boiled down to effective communication and listening.

via "Dark Reading".