‼ CVE-2022-46698 ‼
📖 Read
via "National Vulnerability Database".
A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42842 ‼
📖 Read
via "National Vulnerability Database".
The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. A remote user may be able to cause kernel code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-39920 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45033 ‼
📖 Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46701 ‼
📖 Read
via "National Vulnerability Database".
The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42837 ‼
📖 Read
via "National Vulnerability Database".
An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, watchOS 9.2. A remote user may be able to cause unexpected app termination or arbitrary code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46692 ‼
📖 Read
via "National Vulnerability Database".
A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42859 ‼
📖 Read
via "National Vulnerability Database".
Multiple issues were addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, watchOS 9.2. An app may be able to bypass Privacy preferences.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46694 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2, watchOS 9.2. Parsing a maliciously crafted video file may lead to kernel code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46691 ‼
📖 Read
via "National Vulnerability Database".
A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42840 ‼
📖 Read
via "National Vulnerability Database".
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2. An app may be able to execute arbitrary code with kernel privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-39937 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3427 ‼
📖 Read
via "National Vulnerability Database".
The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.56. This is due to missing or incorrect nonce validation on its corner_ad_settings_page function. This makes it possible for unauthenticated attackers to trigger the deletion of ads via forged request granted they can trick a site administrator into performing an action such as clicking on a link.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42805 ‼
📖 Read
via "National Vulnerability Database".
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44236 ‼
📖 Read
via "National Vulnerability Database".
Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) has a Weak password vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44588 ‼
📖 Read
via "National Vulnerability Database".
Unauth. SQL Injection vulnerability in Cryptocurrency Widgets Pack Plugin <=1.8.1 on WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42851 ‼
📖 Read
via "National Vulnerability Database".
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, tvOS 16.2. Parsing a maliciously crafted TIFF file may lead to disclosure of user information.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4514 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in Opencaching Deutschland oc-server3. Affected is an unknown function of the file htdocs/lang/de/ocstyle/varset.inc.php. The manipulation of the argument varvalue leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 4bdd6a0e7b7760cea03b91812cbb80d7b16e3b5f. It is recommended to apply a patch to fix this issue. VDB-215886 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-39921 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46700 ‼
📖 Read
via "National Vulnerability Database".
A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.📖 Read
via "National Vulnerability Database".
🕴 Zero Trust Shouldn’t Be The New Normal 🕴
📖 Read
via "Dark Reading".
Zero trust is useful in some situations, but organizations should not be trying to fit zero trust everywhere. In some cases, identity-based networking is an appropriate alternative.📖 Read
via "Dark Reading".
Dark Reading
Zero Trust Shouldn’t Be The New Normal
Zero trust is useful in some situations, but organizations should not be trying to fit zero trust everywhere. In some cases, identity-based networking is an appropriate alternative.
🤔1