βΌ CVE-2022-33124 βΌ
π Read
via "National Vulnerability Database".
aiohttp v3.8.1 was discovered to contain an invalid IPv6 URL which can lead to a Denial of Service (DoS).π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-34210 βΌ
π Read
via "National Vulnerability Database".
A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34173 βΌ
π Read
via "National Vulnerability Database".
In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34187 βΌ
π Read
via "National Vulnerability Database".
Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34177 βΌ
π Read
via "National Vulnerability Database".
Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers able to configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34174 βΌ
π Read
via "National Vulnerability Database".
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32126 βΌ
π Read
via "National Vulnerability Database".
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34208 βΌ
π Read
via "National Vulnerability Database".
A missing permission check in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34170 βΌ
π Read
via "National Vulnerability Database".
In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.π Read
via "National Vulnerability Database".
π΄ Johnson Controls Acquires Tempered Networks to Bring Zero Trust Cybersecurity to Connected Buildings π΄
π Read
via "Dark Reading".
Johnson Controls will roll out the Tempered Networks platform across deployments of its OpenBlue AI-enabled platform.π Read
via "Dark Reading".
Dark Reading
Johnson Controls Acquires Tempered Networks to Bring Zero Trust Cybersecurity to Connected Buildings
Johnson Controls will roll out the Tempered Networks platform across deployments of its OpenBlue AI-enabled platform.
π΄ Chinese APT Group Likely Using Ransomware Attacks as Cover for IP Theft π΄
π Read
via "Dark Reading".
Bronze Starlightβs use of multiple ransomware families and its victim-targeting suggest thereβs more to the groupβs activities than just financial gain, security vendor says.π Read
via "Dark Reading".
Dark Reading
Chinese APT Group Likely Using Ransomware Attacks as Cover for IP Theft
Bronze Starlightβs use of multiple ransomware families and its victim-targeting suggest thereβs more to the groupβs activities than just financial gain, security vendor says.
βΌ CVE-2022-26863 βΌ
π Read
via "National Vulnerability Database".
Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2183 βΌ
π Read
via "National Vulnerability Database".
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26862 βΌ
π Read
via "National Vulnerability Database".
Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26864 βΌ
π Read
via "National Vulnerability Database".
Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2182 βΌ
π Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32987 βΌ
π Read
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in /bsms/?page=manage_account of Simple Bakery Shop Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username or Full Name fields.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2147 βΌ
π Read
via "National Vulnerability Database".
Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. The fix was released in version 2022.3.186.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32398 βΌ
π Read
via "National Vulnerability Database".
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/cells/manage_cell.php:4π Read
via "National Vulnerability Database".
βΌ CVE-2022-32392 βΌ
π Read
via "National Vulnerability Database".
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/manage_action.php:4π Read
via "National Vulnerability Database".
βΌ CVE-2022-32399 βΌ
π Read
via "National Vulnerability Database".
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/crimes/view_crime.php:4π Read
via "National Vulnerability Database".