βΌ CVE-2022-22474 βΌ
π Read
via "National Vulnerability Database".
IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle certain read operations on TCP/IP sockets. This can result in a denial of service for IBM Spectrum Protect client operations. IBM X-Force ID: 225348.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22472 βΌ
π Read
via "National Vulnerability Database".
IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper disclosure of session information. By retrieving the logs of a container an attacker could exploit this vulnerability to bypass login security of the IBM Spectrum Protect Plus server and gain unauthorized access based on the permissions of the IBM Spectrum Protect Plus user to the vulnerable Spectrum Protect Plus server software. IBM X-Force ID: 225340.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31112 βΌ
π Read
via "National Vulnerability Database".
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client response. Users are advised to upgrade. Users unable t upgrade should use `Parse.Cloud.afterLiveQueryEvent` to manually remove protected fields.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38954 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could disclose sensitive version information that could aid in future attacks against the system. IBM X-Force ID: 211414.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2057 βΌ
π Read
via "National Vulnerability Database".
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2058 βΌ
π Read
via "National Vulnerability Database".
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.π Read
via "National Vulnerability Database".
βΌ CVE-2013-4309 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22494 βΌ
π Read
via "National Vulnerability Database".
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID: 226940.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22478 βΌ
π Read
via "National Vulnerability Database".
IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22496 βΌ
π Read
via "National Vulnerability Database".
While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942.π Read
via "National Vulnerability Database".
βΌ CVE-2021-37791 βΌ
π Read
via "National Vulnerability Database".
MyAdmin v1.0 is affected by an incorrect access control vulnerability in viewing personal center in /api/user/userData?userCode=admin.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22487 βΌ
π Read
via "National Vulnerability Database".
An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2056 βΌ
π Read
via "National Vulnerability Database".
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1955 βΌ
π Read
via "National Vulnerability Database".
Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation.π Read
via "National Vulnerability Database".
π What is Data Security? π
π Read
via "".
What is data security, why does it matter, and what are the best ways to address data security?π Read
via "".
βΌ CVE-2022-34794 βΌ
π Read
via "National Vulnerability Database".
Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-33312 βΌ
π Read
via "National Vulnerability Database".
Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/action/import_cert_file/` API is affected by command injection vulnerability.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-34790 βΌ
π Read
via "National Vulnerability Database".
Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2197 βΌ
π Read
via "National Vulnerability Database".
By using a specific credential string, an attacker with network access to the deviceΓ’β¬β’s web interface could circumvent the authentication scheme and perform administrative operations.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34785 βΌ
π Read
via "National Vulnerability Database".
Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34783 βΌ
π Read
via "National Vulnerability Database".
Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.π Read
via "National Vulnerability Database".