β Dangerous hole in Apache Commons Text β like Log4Shell all over again β
π Read
via "Naked Security".
Third time unlucky. Time to put your patching boots on again...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Treat Essential Security Certificates as Valuable Assets π΄
π Read
via "Dark Reading".
Manage the company's often-overlooked security certificates as the valuable assets they are, essential for security hygiene and to prevent issues.π Read
via "Dark Reading".
Dark Reading
Treat Essential Security Certificates as Valuable Assets
Manage the company's often-overlooked security certificates as the valuable assets they are, essential for security hygiene and to prevent issues.
π΄ German Cybersecurity Boss Sacked Over Kremlin Connection π΄
π Read
via "Dark Reading".
Head of German national cybersecurity agency was fired over ties to a member of Russian intelligence once honored by Vladimir Putin.π Read
via "Dark Reading".
Dark Reading
German Cybersecurity Boss Sacked Over Kremlin Connection
Head of German national cybersecurity agency was fired over ties to a member of Russian intelligence once honored by Vladimir Putin.
β Zoom for Mac patches sneaky βspy-on-meβ bug β update now! β
π Read
via "Naked Security".
Hey! That back door isn't supposed to be there at all, let alone propped open...π Read
via "Naked Security".
Naked Security
Zoom for Mac patches sneaky βspy-on-meβ bug β update now!
Hey! That back door isnβt supposed to be there at all, let alone propped openβ¦
β Dangerous hole in Apache Commons Text β like Log4Shell all over again β
π Read
via "Naked Security".
Third time unlucky. Time to put your patching boots on again...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2022-39198 βΌ
π Read
via "National Vulnerability Database".
A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version 3.1.0 and prior versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42188 βΌ
π Read
via "National Vulnerability Database".
In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.π Read
via "National Vulnerability Database".
π΄ Gen Z, Millennial Workers Are Bigger Cybersecurity Risks Than Older Employees π΄
π Read
via "Dark Reading".
Younger workers surveyed are less likely to follow established business cybersecurity protocols than their Gen X and baby boomer counterparts, a new survey finds.π Read
via "Dark Reading".
Dark Reading
Gen Z, Millennial Workers Are Bigger Cybersecurity Risks Than Older Employees
Younger workers surveyed are less likely to follow established business cybersecurity protocols than their Gen X and baby boomer counterparts, a new survey finds.
π΄ What Is the Difference Between Identity Verification and Authentication? π΄
π Read
via "Dark Reading".
Identity verification and identity authentication are neither synonymous nor interchangeable, and implementing both is essential to fighting fraud.π Read
via "Dark Reading".
Dark Reading
What Is the Difference Between Identity Verification and Authentication?
Identity verification and identity authentication are neither synonymous nor interchangeable, and implementing both is essential to fighting fraud.
π1
βΌ CVE-2022-21623 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Config Console). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).π Read
via "National Vulnerability Database".
βΌ CVE-2022-39400 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).π Read
via "National Vulnerability Database".
βΌ CVE-2022-21601 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.4.0-12.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Billing and Revenue Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).π Read
via "National Vulnerability Database".
βΌ CVE-2022-21634 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: LLVM Interpreter). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).π Read
via "National Vulnerability Database".
βΌ CVE-2022-21622 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Adapters). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle SOA Suite accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).π Read
via "National Vulnerability Database".
βΌ CVE-2022-21629 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.6.4 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).π Read
via "National Vulnerability Database".
βΌ CVE-2022-21587 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).π Read
via "National Vulnerability Database".
βΌ CVE-2022-21621 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).π Read
via "National Vulnerability Database".
βΌ CVE-2022-21607 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).π Read
via "National Vulnerability Database".
βΌ CVE-2022-21636 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Session Management). Supported versions that are affected are 12.2.6-12.2.11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Framework accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).π Read
via "National Vulnerability Database".
βΌ CVE-2022-21609 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server). The supported version that is affected is 5.9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N).π Read
via "National Vulnerability Database".
βΌ CVE-2022-21631 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Design Tools SEC). Supported versions that are affected are 9.2.6.4 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).π Read
via "National Vulnerability Database".