βΌ CVE-2022-21512 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).π Read
via "National Vulnerability Database".
βΌ CVE-2022-21566 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are 12.2.9-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Framework accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).π Read
via "National Vulnerability Database".
βΌ CVE-2022-21575 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the Oracle WebCenter Sites Support Tools product of Oracle Fusion Middleware (component: User Interface). The supported version that is affected is Prior to 4.4.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites Support Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites Support Tools accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites Support Tools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites Support Tools. CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L).π Read
via "National Vulnerability Database".
βΌ CVE-2022-21570 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 3.7.1.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).π Read
via "National Vulnerability Database".
βΌ CVE-2022-21582 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Trade Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Trade Finance. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L).π Read
via "National Vulnerability Database".
βΌ CVE-2022-21536 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Policy Framework). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in takeover of Enterprise Manager Base Platform. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).π Read
via "National Vulnerability Database".
βΌ CVE-2022-21572 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Billing Care). Supported versions that are affected are 12.0.0.4.0-12.0.0.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Billing and Revenue Management accessible data as well as unauthorized read access to a subset of Oracle Communications Billing and Revenue Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).π Read
via "National Vulnerability Database".
βΌ CVE-2022-32456 βΌ
π Read
via "National Vulnerability Database".
Digiwin BPMΓ’β¬β’s function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify, delete database or disrupt service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32958 βΌ
π Read
via "National Vulnerability Database".
A remote attacker with general user privilege can send a message to Teamplus ProΓ’β¬β’s chat group that exceeds message size limit, to terminate other recipientsΓ’β¬β’ Teamplus Pro chat process.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32961 βΌ
π Read
via "National Vulnerability Database".
HICOSΓ’β¬β’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32457 βΌ
π Read
via "National Vulnerability Database".
Digiwin BPM has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32960 βΌ
π Read
via "National Vulnerability Database".
HiCOSΓ’β¬β’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32962 βΌ
π Read
via "National Vulnerability Database".
HiCOSΓ’β¬β’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32458 βΌ
π Read
via "National Vulnerability Database".
Digiwin BPM has a XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. An unauthenticated remote attacker can perform XML injection attack to access arbitrary system files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32959 βΌ
π Read
via "National Vulnerability Database".
HiCOSΓ’β¬β’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33967 βΌ
π Read
via "National Vulnerability Database".
squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition or arbitrary code execution.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-34866 βΌ
π Read
via "National Vulnerability Database".
Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box version v1.0.0 contain an insufficient data verification vulnerability for interprocess communication. By running a malicious program, an arbitrary OS command may be executed with LocalSystem privilege of the Windows system where the product is running.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31250 βΌ
π Read
via "National Vulnerability Database".
A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. This issue affects: openSUSE Tumbleweed keylime versions prior to 6.4.2-1.1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46828 βΌ
π Read
via "National Vulnerability Database".
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.π Read
via "National Vulnerability Database".
π΄ Tackling the Cybersecurity Workforce Challenge With Apprentices π΄
π Read
via "Dark Reading".
One of the announcements out of the National Cyber Workforce and Education Summit on July 19 was the 120-day Cybersecurity Apprenticeship Sprint.π Read
via "Dark Reading".
Dark Reading
Tackling the Cybersecurity Workforce Challenge With Apprentices
One of the announcements out of the National Cyber Workforce and Education Summit on July 19 was the 120-day Cybersecurity Apprenticeship Sprint.
ποΈ W3C launches Decentralized Identifiers as a web standard ποΈ
π Read
via "The Daily Swig".
DID has been designed to give users and organizations greater security and privacyπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
W3C launches Decentralized Identifiers as a web standard
DID has been designed to give users and organizations greater security and privacy