βΌ CVE-2022-37059 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via Login Fieldπ Read
via "National Vulnerability Database".
β Tentacles of β0ktapusβ Threat Group Victimize 130 Firms β
π Read
via "Threat Post".
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.π Read
via "Threat Post".
Threat Post
Tentacles of β0ktapusβ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
π΄ NATO Investigates Dark Web Leak of Data Stolen from Missile Vendor π΄
π Read
via "Dark Reading".
Documents allegedly belonging to an EU defense dealer include those relating to weapons used by Ukraine in its fight against Russia.π Read
via "Dark Reading".
Dark Reading
NATO Investigates Dark Web Leak of Data Stolen From Missile Vendor
Documents allegedly belonging to an EU defense dealer include those relating to weapons used by Ukraine in its fight against Russia.
π΄ Cyber-Insurance Firms Limit Payouts, Risk Obsolescence π΄
π Read
via "Dark Reading".
Businesses need to re-evaluate their cyber-insurance policies as firms like Lloyd's of London continue to add restrictions, including excluding losses related to state-backed cyberattackers.π Read
via "Dark Reading".
Dark Reading
Cyber-Insurance Firms Limit Payouts, Risk Obsolescence
Businesses need to re-evaluate their cyber-insurance policies as firms like Lloyd's of London continue to add restrictions, including excluding losses related to state-backed cyberattackers.
βΌ CVE-2022-0284 βΌ
π Read
via "National Vulnerability Database".
A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0496 βΌ
π Read
via "National Vulnerability Database".
A vulnerbiility was found in Openscad, where a DXF-format drawing with particular (not necessarily malformed!) properties may cause an out-of-bounds memory access when imported using import().π Read
via "National Vulnerability Database".
βΌ CVE-2022-0812 βΌ
π Read
via "National Vulnerability Database".
An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0851 βΌ
π Read
via "National Vulnerability Database".
There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line via e.g. htop or ps. The specific impact varies upon the subscription, but generally this would allow an attacker to register systems purchased by the victim until discovered; a form of fraud. This could occur regardless of how the activation key is supplied to convert2rhel because it involves how convert2rhel provides it to subscription-manager.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0480 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1043 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the Linux kernelΓ’β¬β’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2961 βΌ
π Read
via "National Vulnerability Database".
A use-after-free flaw was found in the Linux kernelΓ’β¬β’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31677 βΌ
π Read
via "National Vulnerability Database".
An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0852 βΌ
π Read
via "National Vulnerability Database".
There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the privileges of the Red Hat account in question, but it could affect the integrity, availability, and/or data confidentiality of other systems that are administered by that account. This occurs regardless of how the password is supplied to convert2rhel.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0358 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35020 βΌ
π Read
via "National Vulnerability Database".
Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36686 βΌ
π Read
via "National Vulnerability Database".
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockin&month=.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36690 βΌ
π Read
via "National Vulnerability Database".
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user&id=.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36688 βΌ
π Read
via "National Vulnerability Database".
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockout&month=.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36689 βΌ
π Read
via "National Vulnerability Database".
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/waste&month=.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35018 βΌ
π Read
via "National Vulnerability Database".
Advancecomp v2.3 was discovered to contain a segmentation fault.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35017 βΌ
π Read
via "National Vulnerability Database".
Advancecomp v2.3 was discovered to contain a heap buffer overflow.π Read
via "National Vulnerability Database".