‼ CVE-2021-29823 ‼
📖 Read
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36773 ‼
📖 Read
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571.📖 Read
via "National Vulnerability Database".
🕴 Threat Actor Phishing PyPI Users Identified 🕴
📖 Read
via "Dark Reading".
"JuiceLedger" has escalated a campaign to distribute its information stealer by now going after developers who published code on the widely used Python code repository.📖 Read
via "Dark Reading".
Dark Reading
Threat Actor Phishing PyPI Users Identified
"JuiceLedger" has escalated a campaign to distribute its information stealer by now going after developers who published code on the widely used Python code repository.
🕴 Neopets Hackers Had Network Access for 18 Months 🕴
📖 Read
via "Dark Reading".
Neopets has confirmed that its IT systems were compromised from January 2021 through July 2022, exposing 69 million user accounts and source code.📖 Read
via "Dark Reading".
Dark Reading
Neopets Hackers Had Network Access for 18 Months
Neopets has confirmed that its IT systems were compromised from January 2021 through July 2022, exposing 69 million user accounts and source code.
‼ CVE-2022-2738 ‼
📖 Read
via "National Vulnerability Database".
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38127 ‼
📖 Read
via "National Vulnerability Database".
A NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c may lead to program crash when parsing corrupt DWARF data.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2320 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1902 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36602 ‼
📖 Read
via "National Vulnerability Database".
InnoSilicon A10 a10_20200924_120556 was discovered to contain a remote code execution (RCE) vulnerability in the setPlatformAPI function.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1677 ‼
📖 Read
via "National Vulnerability Database".
In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-23452 ‼
📖 Read
via "National Vulnerability Database".
An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.📖 Read
via "National Vulnerability Database".
👍2
‼ CVE-2022-36622 ‼
📖 Read
via "National Vulnerability Database".
Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-2308 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3078 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2447 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in OpenStack. The application credential tokens can be used even after they have expired. This flaw allows an authenticated remote attacker to obtain access despite the defender's efforts to remove access.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1632 ‼
📖 Read
via "National Vulnerability Database".
An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2319 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2256 ‼
📖 Read
via "National Vulnerability Database".
A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2764 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2403 ‼
📖 Read
via "National Vulnerability Database".
A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2639 ‼
📖 Read
via "National Vulnerability Database".
An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.📖 Read
via "National Vulnerability Database".