🛡 Cybersecurity & Privacy 🛡 - News
25.9K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-39295 ‼

Knowage is an open source suite for modern business analytics over traditional sources and big data systems. KnowageLabs / Knowage-Server, from the 6.x branch up to but not including versions 7.4.22, 8.0.9, and 8.1.0, is vulnerable to cross-site scripting because the `XSSRequestWrapper::stripXSS` input filter can be bypassed. Versions 7.4.22, 8.0.9, and 8.1.0 contain patches for this issue. There are no known workarounds.
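The advisory above says only that the filter "can be bypassed". The added example below (not Knowage's code; `naiveStripXss()` is a hypothetical filter written in the common stripXSS style of deleting known-bad substrings in one pass) shows why that class of filter fails against inputs that do not match its exact patterns, and contrasts it with contextual output encoding, which neutralises the same payloads without needing to recognise them. The payloads are constructed for the demonstration.

```javascript
// Added example: a blacklist "stripXSS"-style request filter versus output encoding.
// naiveStripXss() is hypothetical and is NOT Knowage's implementation; it follows
// the common pattern of removing known-bad substrings from a request parameter.

// Assumption: filters of this style typically cover script blocks, the
// javascript: scheme and eval(). Each pattern requires an exact spelling.
const BLACKLIST = [
  /<script>(.*?)<\/script>/gi, // complete <script>...</script> block
  /javascript:/gi,             // javascript: URL scheme
  /eval\((.*?)\)/gi,           // eval(...) call
];

function naiveStripXss(value) {
  let out = String(value);
  for (const re of BLACKLIST) out = out.replace(re, "");
  return out;
}

// Contextual output encoding for an HTML text or quoted-attribute context.
// Nothing is recognised or removed; the five metacharacters are made inert.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Constructed payloads, each shaped to miss a different blacklist entry.
const PAYLOADS = {
  // No <script> element at all: runs through an event handler the filter never checks.
  eventHandler: "<img src=x onerror=alert(1)>",
  // Whitespace before '>' is legal in an HTML end tag but not in the regex.
  looseEndTag: "<script>alert(1)</script >",
  // Browsers strip tab/newline inside a URL scheme; the regex does not.
  tabbedScheme: '<a href="java\tscript:alert(1)">x</a>',
};

// For each payload: did the blacklist leave it byte-for-byte unchanged
// (i.e. do nothing), and does the encoded form still contain any tag character?
function compareFilters() {
  const result = {};
  for (const [name, payload] of Object.entries(PAYLOADS)) {
    const stripped = naiveStripXss(payload);
    const encoded = escapeHtml(payload);
    result[name] = {
      bypassed: stripped === payload,
      encoded,
      encodedHasTags: /[<>]/.test(encoded),
    };
  }
  return result;
}

console.log(JSON.stringify(compareFilters(), null, 2));
```

The filter only ever wins when the attacker spells the payload the way the regex expects; encoding at the point of output wins regardless of spelling, which is why "no known workaround" is the honest answer for a bypassable blacklist and the fix has to be in the code.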

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-39278 ‼

Istio is an open, platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error: an attacker who sends a specially crafted or oversized message to the Kubernetes validating or mutating webhook service can crash the control plane. The webhook endpoint is served over TLS on port 15017 but requires no authentication from the caller. In simple installations istiod is typically reachable only from within the cluster, which limits the blast radius; in some deployments, especially external istiod topologies, this port is exposed to the public internet. Versions 1.15.2, 1.14.5, and 1.13.9 contain patches for this issue. There is no effective workaround beyond upgrading. The bug is due to an error in `regexp.Compile` in Go.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-35134 ‼

Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-31123 ‼

Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins downloaded from untrusted sources.

📖 Read

via "National Vulnerability Database".
🕴 Juice Technology Receives ISO Certification for Charging Station Cyber Security 🕴

Electric Vehicle Charging Station Leader Certified in Accordance with ISO/SAE 21434 "Road Vehicles – Cybersecurity Engineering".

📖 Read

via "Dark Reading".
🕴 ControlMap Announces the Launch of the Trust Portal, Creating Transparency in Cybersecurity Compliance 🕴

📖 Read

via "Dark Reading".
‼ CVE-2022-42720 ‼

Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.14 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-42722 ‼

In the Linux kernel 5.8 through 5.19.14, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-39302 ‼

Ree6 is a moderation bot. This vulnerability allows other server owners to create configurations such as "Better-Audit-Logging" that name a channel from another server as the target. Log messages can thereby be sent into another guild's channel, bypassing its raid and webhook protections, and a specially crafted log message could be used for spamming and mass advertisements. This issue has been patched in version 1.9.9. There are currently no known workarounds.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-41674 ‼

An issue was discovered in the Linux kernel through 5.19.11. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-36802 ‼

The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows a remote attacker to access internal network resources via Server-Side Request Forgery. Exploitation requires a remote attacker authenticated with Super Admin privileges to send a specially crafted HTTP request.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-42721 ‼

A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.14 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-36803 ‼

The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows an authenticated attacker with the People role permission to use the MasterUserEdit API to change any user's role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-37602 ‼

Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 via the key variable in grunt-karma.js.
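The advisory names a `key` variable but gives no code. The added example below is not grunt-karma's code; `setByPathUnsafe()` is a hypothetical dotted-path setter written in the style of this bug class, showing how an attacker-controlled key such as `__proto__.isAdmin` walks onto `Object.prototype` and taints every object created afterwards. `setByPathSafe()` is the guarded version. The attacker key is constructed for the demonstration.

```javascript
// Added example: prototype pollution through a user-controlled key, and the guard.
// Hypothetical helpers in the style of the bug class, NOT grunt-karma's code.

// Vulnerable: walks a dotted path, creating or assigning along the way, with no
// check on key names. "__proto__" (and "constructor.prototype") resolve to
// Object.prototype, so the final assignment lands on the shared prototype.
function setByPathUnsafe(target, path, value) {
  const keys = path.split(".");
  let cur = target;
  for (let i = 0; i < keys.length - 1; i++) {
    const key = keys[i];
    if (typeof cur[key] !== "object" || cur[key] === null) cur[key] = {};
    cur = cur[key];
  }
  cur[keys[keys.length - 1]] = value;
  return target;
}

const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Hardened: rejects prototype-reaching keys at every level and only descends
// into own properties, so an inherited accessor is never followed.
function setByPathSafe(target, path, value) {
  const keys = path.split(".");
  for (const key of keys) {
    if (FORBIDDEN_KEYS.has(key)) throw new Error(`refusing to set key "${key}"`);
  }
  let cur = target;
  for (let i = 0; i < keys.length - 1; i++) {
    const key = keys[i];
    const own = Object.prototype.hasOwnProperty.call(cur, key);
    if (!own || typeof cur[key] !== "object" || cur[key] === null) cur[key] = {};
    cur = cur[key];
  }
  cur[keys[keys.length - 1]] = value;
  return target;
}

// Constructed attacker input: a config key an untrusted party controls.
const ATTACKER_KEY = "__proto__.isAdmin";

// Shows the blast radius: an unrelated object created after the write inherits
// the attacker's property, while the config object itself never owned it.
function demoPollution() {
  const before = ({}).isAdmin;            // undefined on a clean prototype
  const config = {};
  setByPathUnsafe(config, ATTACKER_KEY, true);
  const victim = {};                       // created afterwards, never touched
  const after = victim.isAdmin;            // true: inherited from Object.prototype
  const configOwn = Object.prototype.hasOwnProperty.call(config, "isAdmin");
  delete Object.prototype.isAdmin;         // clean up so the process stays usable
  return { before, after, configOwn };
}

// Shows the guard refusing the same key and leaving the prototype clean.
function demoGuard() {
  try {
    setByPathSafe({}, ATTACKER_KEY, true);
    return { rejected: false, cleanAfter: ({}).isAdmin === undefined };
  } catch (e) {
    return { rejected: true, cleanAfter: ({}).isAdmin === undefined, reason: e.message };
  }
}

console.log("unsafe:", demoPollution());
console.log("guarded:", demoGuard());
console.log("legit:", JSON.stringify(setByPathSafe({}, "reporters.progress.enabled", true)));
```

Note where the damage shows up: not on the object the setter was called with, but on `{}` literals created anywhere else in the process, which is what makes this class hard to spot from the call site alone.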

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-3502 ‼

A vulnerability was found in Human Resource Management System 1.0. It has been classified as problematic. This affects an unknown part of the component Leave Handler. The manipulation of the argument Reason leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210831.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-3503 ‼

A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the component Supplier Handler. The manipulation of the argument Supplier Name/Address/Contact person/Contact leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210832.

📖 Read

via "National Vulnerability Database".
🕴 Care and Feeding of the SOC's Most Powerful Tool: Your Brain 🕴

Once overloaded, our brains can't process information effectively, performance decreases, and even the simplest of tasks seem foreign.

📖 Read

via "Dark Reading".
‼ CVE-2022-35052 ‼

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b84b1.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-35046 ‼

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0466.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-35051 ‼

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b55af.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-35058 ‼

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b05ce.

📖 Read

via "National Vulnerability Database".