‼ CVE-2022-2136 ‼
📖 Read
via "National Vulnerability Database".
The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34982 ‼
📖 Read
via "National Vulnerability Database".
The eziod package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2135 ‼
📖 Read
via "National Vulnerability Database".
The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36200 ‼
📖 Read
via "National Vulnerability Database".
Under certain circumstances an unauthenticated user could access the the web API for Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2142 ‼
📖 Read
via "National Vulnerability Database".
The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2143 ‼
📖 Read
via "National Vulnerability Database".
The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34520 ‼
📖 Read
via "National Vulnerability Database".
Radare2 v5.7.2 was discovered to contain a NULL pointer dereference via the function r_bin_file_xtr_load_buffer at bin/bfile.c. This vulnerability allows attackers to cause a Denial of Service (DOS) via a crafted binary file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34502 ‼
📖 Read
via "National Vulnerability Database".
Radare2 v5.7.0 was discovered to contain a heap buffer overflow via the function consume_encoded_name_new at format/wasm/wasm.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34501 ‼
📖 Read
via "National Vulnerability Database".
The bin-collection package in PyPI before v0.1 included a code execution backdoor inserted by a third party.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2470 ‼
📖 Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2137 ‼
📖 Read
via "National Vulnerability Database".
The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1655 ‼
📖 Read
via "National Vulnerability Database".
An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and integrity.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2139 ‼
📖 Read
via "National Vulnerability Database".
The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2138 ‼
📖 Read
via "National Vulnerability Database".
The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34981 ‼
📖 Read
via "National Vulnerability Database".
The PyCrowdTangle package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34500 ‼
📖 Read
via "National Vulnerability Database".
The bin-collect package in PyPI before v0.1 included a code execution backdoor inserted by a third party.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34503 ‼
📖 Read
via "National Vulnerability Database".
QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34983 ‼
📖 Read
via "National Vulnerability Database".
The scu-captcha package in PyPI v0.0.1 to v0.0.4 included a code execution backdoor inserted by a third party.📖 Read
via "National Vulnerability Database".
🕴 Thales Expands Cybersecurity Portfolio With OneWelcome Acquisition 🕴
📖 Read
via "Dark Reading".
With more staff working remotely, identity, authentication, and access have never been more important.📖 Read
via "Dark Reading".
Dark Reading
Thales Expands Cybersecurity Portfolio With OneWelcome Acquisition
With more staff working remotely, identity, authentication, and access have never been more important.
🕴 Phishing Bonanza: Social Engineering Savvy Skyrockets as Malicious Actors Cash In 🕴
📖 Read
via "Dark Reading".
The ever-evolving threat from phishing is growing more sophisticated as attackers design high-pressure situations and leverage ever-more-convincing social engineering tactics to increase their success rates.📖 Read
via "Dark Reading".
Dark Reading
Phishing Bonanza: Social-Engineering Savvy Skyrockets as Malicious Actors Cash In
The ever-evolving threat from phishing is growing more sophisticated as attackers design high-pressure situations and leverage ever-more-convincing social engineering tactics to increase their success rates.
🕴 Snowballing Ransomware Variants Highlight Growing Threat to VMware ESXi Environments 🕴
📖 Read
via "Dark Reading".
Luna, Black Basta add to rapidly growing list of malware tools targeted at virtual machines deployed on VMware's bare-metal hypervisor technology.📖 Read
via "Dark Reading".
Dark Reading
Snowballing Ransomware Variants Highlight Growing Threat to VMware ESXi Environments
Luna, Black Basta add to rapidly growing list of malware tools targeted at virtual machines deployed on VMware's bare-metal hypervisor technology.