🛑 Cybersecurity & Privacy 🛑 - News
25.9K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-41390 ‼

OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-35611 ‼

A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows attackers to create and remove dashboards.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-31130 ‼

Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability affects the data source and plugin proxy endpoints when requests carry authentication tokens: the destination plugin could receive the user's Grafana authentication token. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not use API keys, JWT authentication, or any HTTP header based authentication.

📖 Read

via "National Vulnerability Database".
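The bug class above is a proxy that forwards the caller's own credential headers to the upstream it fronts. The following Go program is an added illustration of that boundary, not Grafana's proxy code or its patch: a `httputil.ReverseProxy` whose `Director` either leaves the request untouched (the leaky shape) or deletes the credential headers before the request leaves for the plugin. The header list, the plugin address `plugin.internal:3000`, and the sample token and cookie values are all assumptions constructed for the example; no network is used.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

// credentialHeaders lists request headers that carry the caller's own
// Grafana-side credentials. The list is an assumption for this illustration,
// not taken from Grafana's source.
var credentialHeaders = []string{"Authorization", "Cookie"}

// NewPluginProxy builds a reverse proxy that forwards /api/plugins/... style
// requests to a destination plugin. With strip=false the caller's headers travel
// untouched, which is the leak described in the advisory; with strip=true the
// credential headers are removed at the boundary before the request leaves.
func NewPluginProxy(plugin *url.URL, strip bool) *httputil.ReverseProxy {
	proxy := httputil.NewSingleHostReverseProxy(plugin)
	base := proxy.Director
	proxy.Director = func(r *http.Request) {
		base(r) // rewrite scheme and host to point at the plugin
		if strip {
			for _, h := range credentialHeaders {
				r.Header.Del(h)
			}
		}
	}
	return proxy
}

// OutboundHeaders applies the proxy's request rewrite to a constructed request
// carrying a sample API key and session cookie, and returns the headers the
// destination plugin would receive.
func OutboundHeaders(strip bool) http.Header {
	plugin, _ := url.Parse("http://plugin.internal:3000") // assumed plugin address
	proxy := NewPluginProxy(plugin, strip)

	r := httptest.NewRequest(http.MethodGet, "http://grafana.local/api/plugins/example-app/resources/query", nil)
	r.Header.Set("Authorization", "Bearer glsa_constructed_example_key") // constructed sample token
	r.Header.Set("Cookie", "grafana_session=constructed")                 // constructed sample cookie
	r.Header.Set("Accept", "application/json")
	proxy.Director(r)
	return r.Header
}

func main() {
	for _, strip := range []bool{false, true} {
		h := OutboundHeaders(strip)
		fmt.Printf("strip=%-5v Authorization=%q Cookie=%q Accept=%q\n",
			strip, h.Get("Authorization"), h.Get("Cookie"), h.Get("Accept"))
	}
}
```

The check a practitioner wants here is the negative one: after the rewrite, the credential headers are gone while ordinary headers such as `Accept` still arrive, so the plugin keeps working without ever holding a token it could replay against the Grafana API.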
‼ CVE-2022-39229 ‼

Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user's login attempts by registering someone else's email address as a username. A Grafana user's username and email address are unique fields, meaning no other user can have the same username or email address. A user may also use an email address as their username, and the login form accepts either a username or an email address. Together this creates an unusual behavior: `user_1` can register with one email address, and `user_2` can then register `user_1`'s email address as their own username. This prevents `user_1` from logging in, because the lookup can resolve `user_1`'s email address to `user_2`'s account, whose password does not match. Versions 9.1.8 and 8.5.14 contain a patch. There are no workarounds for this issue.

📖 Read

via "National Vulnerability Database".
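The collision described above is easiest to see against a small in-memory user table. The Go program below is an added example, not Grafana's code or its patch: it replays the `user_1`/`user_2` scenario under two registration policies (per-column uniqueness, which is what the advisory describes, and a cross-column check that refuses any value already present in the other column) and shows how a "username OR email" lookup becomes ambiguous. Which of the two matching rows the lookup prefers is an assumption made here to keep the failure deterministic; whichever order a real implementation uses, one of the two users is locked out. The user names, emails and passwords are constructed sample data.

```go
package main

import (
	"errors"
	"fmt"
)

// User is a minimal stand-in for an account row. Username and Email are each
// unique within their own column, and the login form accepts either one.
type User struct {
	Username string
	Email    string
	Password string // plaintext only to keep the example short
}

// Store is an in-memory user table; the advisory's scenario is replayed against it.
type Store struct{ users []User }

var (
	ErrTaken    = errors.New("username or email already in use")
	ErrBadLogin = errors.New("invalid login or password")
)

// RegisterPerColumn enforces only the per-column uniqueness the advisory
// describes: a new username may still equal some other user's email.
func (s *Store) RegisterPerColumn(u User) error {
	for _, e := range s.users {
		if e.Username == u.Username || e.Email == u.Email {
			return ErrTaken
		}
	}
	s.users = append(s.users, u)
	return nil
}

// RegisterCrossColumn additionally refuses any value that already appears in
// the other column, so no identifier can ever resolve to two rows. This is an
// assumed remediation for the illustration, not a description of Grafana's patch.
func (s *Store) RegisterCrossColumn(u User) error {
	for _, e := range s.users {
		if e.Username == u.Username || e.Email == u.Email ||
			e.Username == u.Email || e.Email == u.Username {
			return ErrTaken
		}
	}
	s.users = append(s.users, u)
	return nil
}

// Candidates returns every row that a "username OR email" lookup would match.
// More than one candidate means the identifier is ambiguous.
func (s *Store) Candidates(id string) []User {
	var out []User
	for _, u := range s.users {
		if u.Username == id || u.Email == id {
			out = append(out, u)
		}
	}
	return out
}

// Login resolves the identifier to a single row and checks the password against
// that row only. When two rows match, a username match is preferred here; that
// ordering is an assumption, not Grafana's behaviour.
func (s *Store) Login(id, password string) (*User, error) {
	var byName, byEmail *User
	for i := range s.users {
		u := &s.users[i]
		if byName == nil && u.Username == id {
			byName = u
		}
		if byEmail == nil && u.Email == id {
			byEmail = u
		}
	}
	picked := byName
	if picked == nil {
		picked = byEmail
	}
	if picked == nil || picked.Password != password {
		return nil, ErrBadLogin
	}
	return picked, nil
}

// Replay runs the advisory's scenario under the given registration policy and
// reports whether user_2 got in and whether user_1 can still log in by email.
func Replay(register func(*Store, User) error) (user2Registered bool, user1EmailLogin bool) {
	s := &Store{}
	user1 := User{Username: "user_1", Email: "user_1@example.com", Password: "pw-one"}             // constructed
	user2 := User{Username: "user_1@example.com", Email: "user_2@example.com", Password: "pw-two"} // constructed: username is user_1's email
	if err := register(s, user1); err != nil {
		panic(err)
	}
	user2Registered = register(s, user2) == nil
	_, err := s.Login("user_1@example.com", "pw-one")
	return user2Registered, err == nil
}

func main() {
	reg, ok := Replay((*Store).RegisterPerColumn)
	fmt.Printf("per-column uniqueness:   user_2 registered=%v  user_1 email login=%v\n", reg, ok)
	reg, ok = Replay((*Store).RegisterCrossColumn)
	fmt.Printf("cross-column uniqueness: user_2 registered=%v  user_1 email login=%v\n", reg, ok)
}
```

The useful property to test for in your own login path is the one `Candidates` exposes: for any identifier a user can type, at most one row may match, and that invariant has to be enforced at registration time, since the login query cannot repair an ambiguity that already exists in the table.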
‼ CVE-2022-41391 ‼

OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-39295 ‼

Knowage is an open source suite for modern business analytics over big data systems. KnowageLabs / Knowage-Server from the 6.x branch onward and prior to versions 7.4.22, 8.0.9, and 8.1.0 is vulnerable to cross-site scripting because the `XSSRequestWrapper::stripXSS` method can be bypassed. Versions 7.4.22, 8.0.9, and 8.1.0 contain patches for this issue. There are no known workarounds.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-39278 ‼

Istio is an open, platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error: an attacker who sends a specially crafted or oversized message can crash the control plane when the Kubernetes validating or mutating webhook service is exposed publicly. This endpoint is served over TLS on port 15017 but does not require any authentication from the attacker. For simple installations, istiod is typically only reachable from within the cluster, limiting the blast radius. However, in some deployments, especially external istiod topologies, this port is exposed to the public internet. Versions 1.15.2, 1.14.5, and 1.13.9 contain patches for this issue. There are no effective workarounds beyond upgrading. This bug is due to an error in `regexp.Compile` in Go.

📖 Read

via "National Vulnerability Database".
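The general lesson of the advisory above is that a validating webhook which hands untrusted resource fields straight to `regexp.Compile` lets the client choose how much work, stack and memory the compiler does. The Go program below is an added example of the defensive shape, not Istio's code or its patch, and for Istio itself the advisory's remedy remains upgrading. It bounds a pattern's length and its parenthesis nesting depth before compiling, and applies that check to every regex-bearing field of a submitted object. The two limits, the field names, and the sample resources are assumptions constructed for the example. One caveat worth knowing: a goroutine stack overflow in Go is a fatal runtime error that `recover()` cannot catch, so wrapping `regexp.Compile` in a deferred recover is not a mitigation; the input has to be refused before the compiler sees it.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Bounds applied to any regex taken from a submitted resource before it is
// handed to regexp.Compile. Both values are illustrative assumptions.
const (
	maxPatternLen   = 1024
	maxNestingDepth = 32
)

var (
	ErrPatternTooLong = errors.New("regex pattern exceeds length limit")
	ErrPatternTooDeep = errors.New("regex pattern nests groups too deeply")
)

// nestingDepth returns the deepest level of parenthesised groups in p, skipping
// escaped characters and bracket classes so `\(` and `[(]` do not count.
func nestingDepth(p string) int {
	depth, deepest, inClass := 0, 0, false
	for i := 0; i < len(p); i++ {
		switch c := p[i]; {
		case c == '\\':
			i++ // the next byte is a literal
		case inClass:
			inClass = c != ']'
		case c == '[':
			inClass = true
		case c == '(':
			depth++
			if depth > deepest {
				deepest = depth
			}
		case c == ')':
			if depth > 0 {
				depth--
			}
		}
	}
	return deepest
}

// ValidatePattern is the shape of a validating-webhook check for one
// regex-valued field. Calling regexp.Compile first and checking size afterwards
// is the vulnerable order; here the cheap structural checks run before the
// compiler ever sees the input.
func ValidatePattern(pattern string) error {
	if len(pattern) > maxPatternLen {
		return ErrPatternTooLong
	}
	if nestingDepth(pattern) > maxNestingDepth {
		return ErrPatternTooDeep
	}
	if _, err := regexp.Compile(pattern); err != nil {
		return fmt.Errorf("invalid regex: %w", err)
	}
	return nil
}

// ValidateResource checks every regex-bearing field of a submitted object and
// rejects the whole object on the first bad field, naming the field so the API
// client gets an actionable admission error.
func ValidateResource(fields map[string]string) error {
	for name, pattern := range fields {
		if err := ValidatePattern(pattern); err != nil {
			return fmt.Errorf("field %q: %w", name, err)
		}
	}
	return nil
}

func main() {
	// Constructed sample resources: one benign, one oversized, one deeply nested.
	samples := []map[string]string{
		{"match.uri.regex": `^/api/v[0-9]+/users/[^/]+$`},
		{"match.headers.user-agent.regex": strings.Repeat("a|", 4096) + "a"},
		{"match.uri.regex": strings.Repeat("(", 200) + "x" + strings.Repeat(")", 200)},
	}
	for _, s := range samples {
		fmt.Println(ValidateResource(s))
	}
}
```

The length bound alone is not enough, which is why the depth check is separate: a few hundred bytes of nested groups is far below any sensible size limit yet is exactly the kind of "specially crafted" input that makes a regex compiler do disproportionate work. Tune both limits to the largest pattern your configuration legitimately needs.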
‼ CVE-2022-35134 ‼

Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-31123 ‼

Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins downloaded from untrusted sources.

📖 Read

via "National Vulnerability Database".
🕴 Juice Technology Receives ISO Certification for Charging Station Cyber Security 🕴

Electric Vehicle Charging Station Leader Certified in Accordance with ISO/SAE 21434 "Road Vehicles – Cybersecurity Engineering".

📖 Read

via "Dark Reading".
🕴 ControlMap Announces the Launch of the Trust Portal, Creating Transparency in Cybersecurity Compliance 🕴

📖 Read

via "Dark Reading".
‼ CVE-2022-42720 ‼

Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.14 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-42722 ‼

In the Linux kernel 5.8 through 5.19.14, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-39302 ‼

Ree6 is a moderation bot. This vulnerability would allow other server owners to create configurations such as "Better-Audit-Logging" which contain a channel from another server as a target. This would mean you could send log messages to another Guild channel and bypass raid and webhook protections. A specifically crafted log message could allow spamming and mass advertisements. This issue has been patched in version 1.9.9. There are currently no known workarounds.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-41674 ‼

An issue was discovered in the Linux kernel through 5.19.11. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-36802 ‼

The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to access internal network resources via Server-Side Request Forgery. This can be exploited by a remote attacker holding Super Admin privileges by sending a specially crafted HTTP request.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-42721 ‼

A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.14 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-36803 ‼

The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows an authenticated attacker with the People role permission to modify any user's role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-37602 ‼

Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 via the key variable in grunt-karma.js.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-3502 ‼

A vulnerability was found in Human Resource Management System 1.0. It has been classified as problematic. This affects an unknown part of the component Leave Handler. The manipulation of the argument Reason leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210831.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-3503 ‼

A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the component Supplier Handler. The manipulation of the argument Supplier Name/Address/Contact person/Contact leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210832.

📖 Read

via "National Vulnerability Database".