‼ CVE-2015-7800 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2015-8819 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35411 ‼
📖 Read
via "National Vulnerability Database".
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2343 ‼
📖 Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22476 ‼
📖 Read
via "National Vulnerability Database".
IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2015-3260 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35410 ‼
📖 Read
via "National Vulnerability Database".
mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34914 ‼
📖 Read
via "National Vulnerability Database".
Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The {clientIp} variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to store an arbitrary value that is used to replace the clientIp variable (without sanitization). A client can thus inject multiple arguments into the session startup. Systems that do not use the clientIP variable in the configuration are not vulnerable. The vulnerability is fixed in these versions: 20.1.16, 20.2.19, 21.1.8, 21.2.12, and 22.1.3.📖 Read
via "National Vulnerability Database".
‼ CVE-2015-3263 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22464 ‼
📖 Read
via "National Vulnerability Database".
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22465 ‼
📖 Read
via "National Vulnerability Database".
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions. IBM X-Force ID: 225082.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2344 ‼
📖 Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.📖 Read
via "National Vulnerability Database".
‼ CVE-2015-1837 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2015-5598 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none.📖 Read
via "National Vulnerability Database".
🕴 Microsoft Reverses Course on Blocking Office Macros by Default 🕴
📖 Read
via "Dark Reading".
Security experts criticize company for reversing course on a decision it made just this February to block macros in files downloaded from the Internet.📖 Read
via "Dark Reading".
Dark Reading
Microsoft Reverses Course on Blocking Office Macros by Default
Security experts criticize company for reversing course, albeit temporarily, on a decision it made just this February to block macros in files downloaded from the Internet.
🕴 Microsoft Reverses Course on Blocking Office Macros by Default 🕴
📖 Read
via "Dark Reading".
Security experts criticize company for reversing course, albeit temporarily, on a decision it made just this February to block macros in files downloaded from the Internet.📖 Read
via "Dark Reading".
Dark Reading
Microsoft Reverses Course on Blocking Office Macros by Default
Security experts criticize company for reversing course, albeit temporarily, on a decision it made just this February to block macros in files downloaded from the Internet.
‼ CVE-2022-35412 ‼
📖 Read
via "National Vulnerability Database".
Digital Guardian Agent 7.7.4.0042 allows an administrator (who ordinarily does not have a supported way to uninstall the product) to disable some of the agent functionality and then exfiltrate files to an external USB device.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31137 ‼
📖 Read
via "National Vulnerability Database".
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Attackers need not be authenticated to exploit this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2353 ‼
📖 Read
via "National Vulnerability Database".
Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user.📖 Read
via "National Vulnerability Database".
📢 NCSC and ICO chiefs plead with lawyers to stop making ransomware payments 📢
📖 Read
via "ITPro".
The two UK authorities say misconceptions around ICO fines are jeopardising the integrity of UK cyber security, in a direct appeal to the Law Society📖 Read
via "ITPro".
IT PRO
NCSC and ICO chiefs plead with lawyers to stop making ransomware payments | IT PRO
The two UK authorities say misconceptions around ICO fines are jeopardising the integrity of UK cyber security, in a direct appeal to the Law Society
📢 Web3 projects lose over $2 billion to hacks and exploits in 2022 📢
📖 Read
via "ITPro".
Blockchain and crypto schemes have already lost more in the first half of this year than throughout all of 2021📖 Read
via "ITPro".
IT PRO
Web3 projects lose over $2 billion to hacks and exploits in 2022 | IT PRO
Blockchain and crypto schemes have already lost more in the first half of this year than throughout all of 2021