‼ CVE-2022-24800 ‼
📖 Read
via "National Vulnerability Database".
October/System is the system module for October CMS, a self-hosted CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.476, 1.1.12, and 2.2.15, when the developer allows the user to specify their own filename in the `fromData` method, an unauthenticated user can perform remote code execution (RCE) by exploiting a race condition in the temporary storage directory. This vulnerability affects plugins that expose the `October\Rain\Database\Attach\File::fromData` as a public interface and does not affect vanilla installations of October CMS since this method is not exposed or used by the system internally or externally. The issue has been patched in Build 476 (v1.0.476), v1.1.12, and v2.2.15. Those who are unable to upgrade may apply with patch to their installation manually as a workaround.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28771 ‼
📖 Read
via "National Vulnerability Database".
Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network. On successful exploitation, an attacker can break the whole application making it inaccessible.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31654 ‼
📖 Read
via "National Vulnerability Database".
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31591 ‼
📖 Read
via "National Vulnerability Database".
SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35171 ‼
📖 Read
via "National Vulnerability Database".
When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22998 ‼
📖 Read
via "National Vulnerability Database".
Implemented protections on AWS credentials that were not properly protected.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35172 ‼
📖 Read
via "National Vulnerability Database".
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31593 ‼
📖 Read
via "National Vulnerability Database".
SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35225 ‼
📖 Read
via "National Vulnerability Database".
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on confidentiality and integrity of data.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1025 ‼
📖 Read
via "National Vulnerability Database".
All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35224 ‼
📖 Read
via "National Vulnerability Database".
SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This attack can be used to non-permanently deface or modify portal content. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim?s web browser session.📖 Read
via "National Vulnerability Database".
🕴 PyPI Mandates 2FA, Plans Google Titan Key Giveaway 🕴
📖 Read
via "Dark Reading".
Python's most popular package manager is intent on securing the supply chain by requiring developers to enable two-factor authentication.📖 Read
via "Dark Reading".
Dark Reading
PyPI Mandates 2FA, Plans Google Titan Key Giveaway
Python's most popular package manager is intent on securing the supply chain by requiring developers to enable two-factor authentication.
‼ CVE-2022-30211 ‼
📖 Read
via "National Vulnerability Database".
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22031 ‼
📖 Read
via "National Vulnerability Database".
Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-33633 ‼
📖 Read
via "National Vulnerability Database".
Skype for Business and Lync Remote Code Execution Vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21845 ‼
📖 Read
via "National Vulnerability Database".
Windows Kernel Information Disclosure Vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30226 ‼
📖 Read
via "National Vulnerability Database".
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22022, CVE-2022-22041, CVE-2022-30206.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30216 ‼
📖 Read
via "National Vulnerability Database".
Windows Server Service Tampering Vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22047 ‼
📖 Read
via "National Vulnerability Database".
Windows CSRSS Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22026, CVE-2022-22049.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22029 ‼
📖 Read
via "National Vulnerability Database".
Windows Network File System Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22039.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30225 ‼
📖 Read
via "National Vulnerability Database".
Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability.📖 Read
via "National Vulnerability Database".