βΌ CVE-2022-20859 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4234 βΌ
π Read
via "National Vulnerability Database".
OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20800 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20862 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the operating system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27549 βΌ
π Read
via "National Vulnerability Database".
HCL Launch may store certain data for recurring activities in a plain text format.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20812 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20768 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the RoomOS Cloud, an attacker would need valid Administrator-level credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2015-3172 βΌ
π Read
via "National Vulnerability Database".
EidoGo is susceptible to Cross-Site Scripting (XSS) attacks via maliciously crafted SGF input.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20791 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the API to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2014-8164 βΌ
π Read
via "National Vulnerability Database".
A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20808 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect handling of multiple simultaneous device registrations on Cisco SSM On-Prem. An attacker could exploit this vulnerability by sending multiple device registration requests to Cisco SSM On-Prem. A successful exploit could allow the attacker to cause a DoS condition on an affected device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27548 βΌ
π Read
via "National Vulnerability Database".
HCL Launch stores user credentials in plain clear text which can be read by a local user.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20815 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20813 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory.π Read
via "National Vulnerability Database".
π΄ Prevention Takes Priority Over Response π΄
π Read
via "Dark Reading".
Cybersecurity teams continue to emphasize intrusion prevention over incident response, despite US government action.π Read
via "Dark Reading".
Dark Reading
Prevention Takes Priority Over Response
Cybersecurity teams continue to emphasize intrusion prevention over incident response, despite US government action.
π€―1
βΌ CVE-2022-2342 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository outline/outline prior to v0.64.4.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32567 βΌ
π Read
via "National Vulnerability Database".
The Appfire Jira Misc Custom Fields (JMCF) app 2.4.6 for Atlassian Jira allows XSS via a crafted project name to the Add Auto Indexing Rule function.π Read
via "National Vulnerability Database".
β OpenSSL fixes two βone-linerβ crypto bugs β what you need to know β
π Read
via "Naked Security".
"As bad as Heartbleed"? We heard that concern a week ago, but we think it's less ungood than that...π Read
via "Naked Security".
Naked Security
OpenSSL fixes two βone-linerβ crypto bugs β what you need to know
βAs bad as Heartbleedβ? We heard that concern a week ago, but we think itβs less ungood than thatβ¦
ποΈ Fortinet patch batch remedies multiple path traversal vulnerabilities ποΈ
π Read
via "The Daily Swig".
Four high, six medium, and one low severity issue fixedπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Fortinet patch batch remedies multiple path traversal vulnerabilities
Four high, six medium, and one low severity issue fixed
π΄ Inside NIST's 4 Crypto Algorithms for a Post-Quantum World π΄
π Read
via "Dark Reading".
With the world potentially less than a decade away from breaking current encryption around critical data, researchers weigh in on planning for the post-quantum world.π Read
via "Dark Reading".
Dark Reading
Inside NIST's 4 Crypto Algorithms for a Post-Quantum World
With the world potentially less than a decade away from breaking current encryption around critical data, researchers weigh in on planning for the post-quantum world.
βΌ CVE-2022-25046 βΌ
π Read
via "National Vulnerability Database".
A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request.π Read
via "National Vulnerability Database".