‼ CVE-2022-23506 ‼
📖 Read
via "National Vulnerability Database".
Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not property mask secrets generated via packer builds. This can lead to exposure of sensitive AWS credentials in packer log files. Versions 1.29.2, 1.28.4, and 1.27.3 of Rosco contain fixes for this issue. A workaround is available. It's recommended to use short lived credentials via role assumption and IAM profiles. Additionally, credentials can be set in `/home/spinnaker/.aws/credentials` and `/home/spinnaker/.aws/config` as a volume mount for Rosco pods vs. setting credentials in roscos bake config properties. Last even with those it's recommend to use IAM Roles vs. long lived credentials. This drastically mitigates the risk of credentials exposure. If users have used static credentials, it's recommended to purge any bake logs for AWS, evaluate whether AWS_ACCESS_KEY, SECRET_KEY and/or other sensitive data has been introduced in log files and bake job logs. Then, rotate these credentials and evaluate potential improper use of those credentials.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32647 ‼
📖 Read
via "National Vulnerability Database".
In ccu, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07554646; Issue ID: ALPS07554646.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32636 ‼
📖 Read
via "National Vulnerability Database".
In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07510064.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32641 ‼
📖 Read
via "National Vulnerability Database".
In meta wifi, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453594; Issue ID: ALPS07453594.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44036 ‼
📖 Read
via "National Vulnerability Database".
RESERVED There is an arbitrary file upload vulnerability in b2evolution v7.2.5. Attackers can use this vulnerability to execute remote commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32638 ‼
📖 Read
via "National Vulnerability Database".
In isp, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494449; Issue ID: ALPS07494449.📖 Read
via "National Vulnerability Database".
🕴 2023 Will See Renewed Focus on Quantum Computing 🕴
📖 Read
via "Dark Reading".
Adopting post-quantum cryptography is something that has been discussed for years; it's time for organizations to get to work.📖 Read
via "Dark Reading".
Dark Reading
2023 Will See Renewed Focus on Quantum Computing
Adopting post-quantum cryptography has been discussed for years; now it's time for organizations to get to work.
‼ CVE-2022-46081 ‼
📖 Read
via "National Vulnerability Database".
In Garmin Connect 4.61, terminating a LiveTrack session wouldn't prevent the LiveTrack API from continued exposure of private personal information.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-39084 ‼
📖 Read
via "National Vulnerability Database".
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44445 ‼
📖 Read
via "National Vulnerability Database".
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-25094 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in innologi appointments Extension up to 2.0.5. This affects an unknown part of the component Appointment Handler. The manipulation of the argument formfield leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.6 is able to address this issue. The name of the patch is 986d3cb34e5e086c6f04e061f600ffc5837abe7f. It is recommended to upgrade the affected component. The identifier VDB-217353 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44430 ‼
📖 Read
via "National Vulnerability Database".
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-39104 ‼
📖 Read
via "National Vulnerability Database".
In contacts service, there is a missing permission check. This could lead to local denial of service in Contacts service with no additional execution privileges needed.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44434 ‼
📖 Read
via "National Vulnerability Database".
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.📖 Read
via "National Vulnerability Database".
‼ CVE-2014-125039 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in kkokko NeoXplora. Affected by this issue is some unknown functionality of the component Trainer Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is dce1aecd6ee050a29f953ffd8f02f21c7c13f1e6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217352.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-39087 ‼
📖 Read
via "National Vulnerability Database".
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44439 ‼
📖 Read
via "National Vulnerability Database".
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-39083 ‼
📖 Read
via "National Vulnerability Database".
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44428 ‼
📖 Read
via "National Vulnerability Database".
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.📖 Read
via "National Vulnerability Database".
‼ CVE-2010-10003 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in gesellix titlelink. Affected by this vulnerability is an unknown functionality of the file plugin_content_title.php. The manipulation of the argument phrase leads to sql injection. The name of the patch is b4604e523853965fa981a4e79aef4b554a535db0. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217351.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38682 ‼
📖 Read
via "National Vulnerability Database".
In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.📖 Read
via "National Vulnerability Database".