‼ CVE-2022-37063 (flir_ax8_firmware) ‼
📖 Read
via "National Vulnerability Database".
All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to Cross Site Scripting (XSS) due to improper input sanitization. An authenticated remote attacker can execute arbitrary JavaScript code in the web management interface. A successful exploit could allow the attacker to insert malicious JavaScript code.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37422 ‼
📖 Read
via "National Vulnerability Database".
Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35204 ‼
📖 Read
via "National Vulnerability Database".
Vitejs Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's service.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37062 (flir_ax8_firmware) ‼
📖 Read
via "National Vulnerability Database".
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and download it. A successful exploit could allow the attacker to extract usernames and hashed passwords.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35976 ‼
📖 Read
via "National Vulnerability Database".
The GitOps Tools Extension for VSCode relies on kubeconfigs in order to communicate with Kubernetes clusters. A specially crafted kubeconfig leads to arbitrary code execution on behalf of the user running VSCode. Users relying on kubeconfigs that are generated or altered by other processes or users are affected by this issue. Please note that the vulnerability is specific to this extension, and the same kubeconfig would not result in arbitrary code execution when used with kubectl. Using only trust-worthy kubeconfigs is a safe mitigation. However, updating to the latest version of the extension is still highly recommended.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35175 (barangay_management_system) ‼
📖 Read
via "National Vulnerability Database".
Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /blotter/blotter.php.📖 Read
via "National Vulnerability Database".
🕴 Easing the Cyber-Skills Crisis With Staff Augmentation 🕴
📖 Read
via "Dark Reading".
Filling cybersecurity roles can be costly, slow, and chancy. More firms are working with third-party service providers to quickly procure needed expertise.📖 Read
via "Dark Reading".
Dark Reading
Easing the Cyber-Skills Crisis With Staff Augmentation
Filling cybersecurity roles can be costly, slow, and chancy. More firms are working with third-party service providers to quickly procure needed expertise.
‼ CVE-2021-33128 ‼
📖 Read
via "National Vulnerability Database".
Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.1.9 may allow a privileged user to potentially enable denial of service via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21148 ‼
📖 Read
via "National Vulnerability Database".
Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33847 ‼
📖 Read
via "National Vulnerability Database".
Improper buffer restrictions in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23403 ‼
📖 Read
via "National Vulnerability Database".
Improper input validation in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33060 ‼
📖 Read
via "National Vulnerability Database".
Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26257 ‼
📖 Read
via "National Vulnerability Database".
Improper buffer restrictions in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable denial of service via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21181 ‼
📖 Read
via "National Vulnerability Database".
Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21233 ‼
📖 Read
via "National Vulnerability Database".
Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21812 ‼
📖 Read
via "National Vulnerability Database".
Improper access control in the Intel(R) HAXM software before version 7.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21793 ‼
📖 Read
via "National Vulnerability Database".
Insufficient control flow management in the Intel(R) Ethernet 500 Series Controller drivers for VMWare before version 1.11.4.0 and in the Intel(R) Ethernet 700 Series Controller drivers for VMWare before version 2.1.5.0 may allow an authenticated user to potentially enable a denial of service via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25841 ‼
📖 Read
via "National Vulnerability Database".
Uncontrolled search path elements in the Intel(R) Datacenter Group Event Android application, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24378 ‼
📖 Read
via "National Vulnerability Database".
Improper initialization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21229 ‼
📖 Read
via "National Vulnerability Database".
Improper buffer restrictions for some Intel(R) NUC 9 Extreme Laptop Kit drivers before version 2.2.0.22 may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22730 ‼
📖 Read
via "National Vulnerability Database".
Improper authentication in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access.📖 Read
via "National Vulnerability Database".