‼ CVE-2022-2990 ‼
📖 Read
via "National Vulnerability Database".
An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38538 ‼
📖 Read
via "National Vulnerability Database".
Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38139 ‼
📖 Read
via "National Vulnerability Database".
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Station plugin <= 5.1.3 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36778 ‼
📖 Read
via "National Vulnerability Database".
insert HTML / js code inside input how to get to the vulnerable input : Workers > worker nickname > inject in this input the code.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2989 ‼
📖 Read
via "National Vulnerability Database".
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3027 ‼
📖 Read
via "National Vulnerability Database".
The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard characters that, when the device attempts connecting to the malicious SSID, the device can be exploited to write arbitrary files or display incorrect information.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38100 ‼
📖 Read
via "National Vulnerability Database".
The CMS800 device fails while attempting to parse malformed network data sent by a threat actor. A threat actor with network access can remotely issue a specially formatted UDP request that will cause the entire device to crash and require a physical reboot. A UDP broadcast request could be sent that causes a mass denial-of-service attack on all CME8000 devices connected to the same network.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38540 ‼
📖 Read
via "National Vulnerability Database".
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38453 ‼
📖 Read
via "National Vulnerability Database".
Multiple binary application files on the CMS8000 device are compiled with 'not stripped' and 'debug_info' compilation settings. These compiler settings greatly decrease the level of effort for a threat actor to reverse engineer sensitive code and identify additional vulnerabilities.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36780 ‼
📖 Read
via "National Vulnerability Database".
Avdor CIS - crystal quality Credentials Management Errors. The product is phone call recorder, you can hear all the recorded calls without authenticate to the system. Attacker sends crafted URL to the system: ip:port//V=2;ChannellD=number;Ext=number;Command=startLM;Client=number;Request=number;R=number number - id of the recorded number.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1278 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1602 ‼
📖 Read
via "National Vulnerability Database".
A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3190 ‼
📖 Read
via "National Vulnerability Database".
Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38542 ‼
📖 Read
via "National Vulnerability Database".
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38537 ‼
📖 Read
via "National Vulnerability Database".
Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_file, end_file, start_time, and stop_time parameters in the binlog2sql interface.📖 Read
via "National Vulnerability Database".
🕴 Arcserve Independent Global Study Finds Businesses Still Losing Mission-Critical Company Data 🕴
📖 Read
via "Dark Reading".
.📖 Read
via "Dark Reading".
Dark Reading
Arcserve Independent Global Study Finds Businesses Still Losing Mission-Critical Company Data
.
🕴 Opus Security Emerges from Stealth with $10M in Funding for Cloud SecOps and Remediation Processes 🕴
📖 Read
via "Dark Reading".
Siemplify veterans introduce Cloud Security Orchestration and Remediation platform, backed by high-profile investors including YL Ventures, Tiger Global, and CEOs of CrowdStrike and CyberArk📖 Read
via "Dark Reading".
Dark Reading
Opus Security Emerges from Stealth with $10M in Funding for Cloud SecOps and Remediation Processes
Siemplify veterans introduce Cloud Security Orchestration and Remediation platform, backed by high-profile investors including YL Ventures, Tiger Global, and CEOs of CrowdStrike and CyberArk
🕴 Name That Toon: Shiver Me Timbers! 🕴
📖 Read
via "Dark Reading".
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.📖 Read
via "Dark Reading".
Dark Reading
Name That Toon: Shiver Me Timbers!
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
🔏 CISA Seeks Comment on Cyber Incident Reporting Rules 🔏
📖 Read
via "".
CISA has taken the first step towards implementing a law that will require U.S. critical infrastructure to report cybersecurity incidents to the government.📖 Read
via "".
🤔1🤯1
‼ CVE-2022-36020 ‼
📖 Read
via "National Vulnerability Database".
The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package `masterminds/html5`, malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows for a bypass of the cross-site scripting mechanism of `typo3/html-sanitizer`. This issue has been addressed in versions 1.0.7 and 2.0.16 of the `typo3/html-sanitizer` package. Users are advised to upgrade. There are no known workarounds for this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36103 ‼
📖 Read
via "National Vulnerability Database".
Talos Linux is a Linux distribution built for Kubernetes deployments. Talos worker nodes use a join token to get accepted into the Talos cluster. Due to improper validation of the request while signing a worker node CSR (certificate signing request) Talos control plane node might issue Talos API certificate which allows full access to Talos API on a control plane node. Accessing Talos API with full level access on a control plane node might reveal sensitive information which allows full level access to the cluster (Kubernetes and Talos PKI, etc.). Talos API join token is stored in the machine configuration on the worker node. When configured correctly, Kubernetes workloads don't have access to the machine configuration, but due to a misconfiguration workload might access the machine configuration and reveal the join token. This problem has been fixed in Talos 1.2.2. Enabling the Pod Security Standards mitigates the vulnerability by denying hostPath mounts and host networking by default in the baseline policy. Clusters that don't run untrusted workloads are not affected. Clusters with correct Pod Security configurations which don't allow hostPath mounts, and secure access to cloud metadata server (or machine configuration is not supplied via cloud metadata server) are not affected.📖 Read
via "National Vulnerability Database".