CVE-2022-38757
A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. It allows administrators who hold rights to perform actions (e.g., install a bundle) on a set of managed devices to exercise those rights on managed devices in the ZENworks zone that are outside the administrator's scope. The vulnerability does not give administrators any additional rights on managed devices, whether inside or outside their scope.
via "National Vulnerability Database".
CVE-2022-47940
An issue was discovered in ksmbd in the Linux kernel before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write.
via "National Vulnerability Database".
CVE-2022-47939
An issue was discovered in ksmbd in the Linux kernel before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT.
via "National Vulnerability Database".
CVE-2022-46641
D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the lan(0)_dhcps_staticlist parameter in the SetIpMacBindSettings function.
via "National Vulnerability Database".
CVE-2022-47938
An issue was discovered in ksmbd in the Linux kernel before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNECT.
via "National Vulnerability Database".
S3 Ep114: Preventing cyberthreats: stop them before they stop you! [Audio + Text]
Join world-renowned expert Fraser Howard, Director of Research at SophosLabs, for this fascinating episode on how to fight cybercrime.
via "Naked Security".
Videoconferencing Worries Grow, With SMBs in Cyberattack Crosshairs
Securing videoconferencing solutions is just one of many IT security challenges small businesses are facing, often with limited financial and human resources.
via "Dark Reading".
LastPass Cops to Massive Breach Including Customer Vault Data
The follow-on attack from August's source-code breach could fuel future campaigns against LastPass customers.
via "Dark Reading".
LastPass finally admits: Those crooks who got in? They did steal your password vaults, after all...
The crooks now know who you are, where you live, which computers are yours, where you go online... and they got those password vaults, too.
via "Naked Security".
CVE-2022-47943
An issue was discovered in ksmbd in the Linux kernel before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE when there is a large length in the zero DataOffset case.
via "National Vulnerability Database".
Container Verification Bug Allows Malicious Images to Cloud Up Kubernetes
A complete bypass of the Kyverno security mechanism for container image imports allows cyberattackers to completely take over a Kubernetes pod to steal data and inject malware.
via "Dark Reading".
CVE-2022-28228
An out-of-bounds read was discovered in YDB server. An attacker could construct a query with an insert statement that would allow them to read sensitive information from other memory locations or cause a crash.
via "National Vulnerability Database".
CVE-2022-28229
The hash functionality in userver before 42059b6319661583b3080cab9b595d4f8ac48128 allows attackers to cause a denial of service via a crafted HTTP request, involving collisions.
via "National Vulnerability Database".
CVE-2022-47946
An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq.
via "National Vulnerability Database".
CVE-2022-47945
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.
via "National Vulnerability Database".
CVE-2022-23854
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.
via "National Vulnerability Database".
CVE-2022-47633
An image signature validation bypass vulnerability in Kyverno 1.8.3 and 1.8.4 allows a malicious image registry (or a man-in-the-middle attacker) to inject unsigned arbitrary container images into a protected Kubernetes cluster. This has been fixed in 1.8.5, and mitigations are available for impacted releases.
via "National Vulnerability Database".
CVE-2022-38658
BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing the BigFix operator's SMTP credentials in clear text. Operators who use Notification Service related content from BES Support are at risk of leaving their sensitive SMTP data exposed.
via "National Vulnerability Database".
CVE-2022-40011
A cross-site scripting (XSS) vulnerability in Typora through 1.38 allows remote attackers to run arbitrary code via export from the editor.
via "National Vulnerability Database".
CVE-2022-22449
IBM Security Verify Governance, Identity Manager 10.01 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 224915.
via "National Vulnerability Database".
CVE-2022-45798
A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
via "National Vulnerability Database".