‼ CVE-2022-22359 ‼
📖 Read
via "National Vulnerability Database".
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220652.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22417 ‼
📖 Read
via "National Vulnerability Database".
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223127.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22358 ‼
📖 Read
via "National Vulnerability Database".
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 220651.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34023 ‼
📖 Read
via "National Vulnerability Database".
Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /officials/officials.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22360 ‼
📖 Read
via "National Vulnerability Database".
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. IBM X-Force ID: 220782.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22416 ‼
📖 Read
via "National Vulnerability Database".
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 223126.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35912 ‼
📖 Read
via "National Vulnerability Database".
In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 (at least when certain Java 8 configurations are used), data binding allows a remote attacker to execute code by gaining access to the class loader.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2469 ‼
📖 Read
via "National Vulnerability Database".
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27580 ‼
📖 Read
via "National Vulnerability Database".
A deserialization vulnerability in a .NET framework class used and not properly checked by Safety Designer all versions up to and including 1.11.0 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges of the current user when opened or imported by the Safety Designer. This compromises confidentiality integrity and availability. For the attack to succeed a user must manually open a malicious project file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27579 ‼
📖 Read
via "National Vulnerability Database".
A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi Soft Designer in all versions up to and including 1.9.4 SP1 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges of the current user when opened or imported by the Flexi Soft Designer. This compromises confidentiality integrity and availability. For the attack to succeed a user must manually open a malicious project file.📖 Read
via "National Vulnerability Database".
🕴 Startup Aims to Secure AI, Machine Learning Development 🕴
📖 Read
via "Dark Reading".
With security experts warning against attacks on machine learning models and data, startup HiddenLayer aims to protect the neural networks powering AI-augmented products.📖 Read
via "Dark Reading".
Dark Reading
Startup Aims to Secure AI, Machine Learning Development
With security experts warning against attacks on machine learning models and data, startup HiddenLayer aims to protect the neural networks powering AI-augmented products.
🕴 Post-Breakup, Conti Ransomware Members Remain Dangerous 🕴
📖 Read
via "Dark Reading".
The gang's members have moved into different criminal activities, and could regroup once law-enforcement attention has simmered down a bit, researchers say.📖 Read
via "Dark Reading".
Dark Reading
Post-Breakup, Conti Ransomware Members Remain Dangerous
The gang's members have moved into different criminal activities, and could regroup once law-enforcement attention has simmered down a bit, researchers say.
‼ CVE-2022-34024 ‼
📖 Read
via "National Vulnerability Database".
Barangay Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the resident module editing function at /bmis/pages/resident/resident.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34169 ‼
📖 Read
via "National Vulnerability Database".
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36305 ‼
📖 Read
via "National Vulnerability Database".
Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the body function at /web/api/v1/upload/UploadHandler.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27373 ‼
📖 Read
via "National Vulnerability Database".
Shanghai Feixun Data Communication Technology Co., Ltd router fir302b A2 was discovered to contain a remote command execution (RCE) vulnerability via the Ping function.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2394 ‼
📖 Read
via "National Vulnerability Database".
Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36304 ‼
📖 Read
via "National Vulnerability Database".
Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the generate_response function at /web/api/v1/upload/UploadHandler.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30570 ‼
📖 Read
via "National Vulnerability Database".
The Column Based Security component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with network access to obtain read access to application information on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.5.2 and below and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.2 and below.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36303 ‼
📖 Read
via "National Vulnerability Database".
Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the handle_file_upload function at /web/api/v1/upload/UploadHandler.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34025 ‼
📖 Read
via "National Vulnerability Database".
Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the post function at /web/api/v1/upload/UploadHandler.php.📖 Read
via "National Vulnerability Database".