‼ CVE-2022-36454 ‼
A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to impersonate another user's name.
via "National Vulnerability Database".
‼ CVE-2022-27913 ‼
An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components.
via "National Vulnerability Database".
‼ CVE-2022-36451 ‼
A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. A successful exploit could allow an attacker to leverage connections and permissions available to the host server.
via "National Vulnerability Database".
‼ CVE-2022-31468 ‼
OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter.
via "National Vulnerability Database".
‼ CVE-2022-38162 ‼
Reflected cross-site scripting (XSS) vulnerabilities in WithSecure (through 2022-08-10) exist within the F-Secure Policy Manager due to an unvalidated parameter in the endpoint, which allows remote attackers to provide malicious input.
via "National Vulnerability Database".
‼ CVE-2022-41711 ‼
Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.
via "National Vulnerability Database".
‼ CVE-2022-33185 ‼
Several commands in Brocade Fabric OS before Brocade Fabric OS v9.0.1e and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account.
via "National Vulnerability Database".
‼ CVE-2022-33181 ‼
An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”.
via "National Vulnerability Database".
‼ CVE-2022-33178 ‼
A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch.
via "National Vulnerability Database".
‼ CVE-2022-33183 ‼
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform a stack buffer overflow using the “firmwaredownload” and “diagshow” commands.
via "National Vulnerability Database".
‼ CVE-2022-33184 ‼
A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account.
via "National Vulnerability Database".
‼ CVE-2022-28169 ‼
Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools user to gain elevated admin rights or privileges beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin and operator authorization headers sent unencrypted and editing a user addition request to use the operator's authorization header.
via "National Vulnerability Database".
‼ CVE-2022-33180 ‼
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export sensitive files with “seccryptocfg” and “configupload”.
via "National Vulnerability Database".
‼ CVE-2022-33179 ‼
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges.
via "National Vulnerability Database".
‼ CVE-2022-28170 ‼
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file.
via "National Vulnerability Database".
‼ CVE-2022-33182 ‼
A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload”, “license”, and “fosexec”.
via "National Vulnerability Database".
⚠ Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now! ⚠
Ventura hits the market with 112 patches, Catalina's gone missing, and iPhones and iPads get a critical kernel-level zero-day patch...
via "Naked Security".
⚠ Clearview AI image-scraping face recognition service hit with €20m fine in France ⚠
"We told you to stop but you ignored us," said the French regulator, "so now we're coming after you again."
via "Naked Security".
‼ CVE-2022-43750 ‼
drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.
via "National Vulnerability Database".
‼ CVE-2022-43747 ‼
baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in 2022 R2.
via "National Vulnerability Database".
‼ CVE-2022-31256 ‼
An Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1.
via "National Vulnerability Database".