CVE-2022-39266 : ISOLATED-VM UP TO 4.3.6 API PROTECTION MECHANISM
Description isolated-vm is a library for nodejs which gives the user access to v8’s Isolate interface. In versions 4.3.6 and
What Is Remote File Inclusion (RFI)? How Does Remote File Inclusion Work?
What is Remote File Inclusion (RFI)? RFI is also known as Remote file inclusion. In this the attackers or Penetration
What Is Session Hijacking? How To Prevent Session Hijacking?
What is Session Hijacking? Session Hijacking is the type of attack in which the attacker takes over or hijacks a
CVE-2022-34424 : DELL OS10 10.5.1.X/10.5.2.X/10.5.3.X OUT-OF-BOUNDS WRITE
Description Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a vulnerability that could allow an attacker to cause a system
CVE-2022-41604 : CHECK POINT ZONEALARM EXTREME SECURITY PRIOR 15.8.211.19229 UPDATES PERMISSION
Description Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This occurs because of weak permissions
CVE-2022-39243 : NUPROCESS UP TO 2.0.4 COMMAND LINE ARGUMENT JAVA_JAVA_LANG_UNIXPROCESS_FORKANDEXEC COMMAND INJECTION
Description NuProcess is an external process execution implementation for Java. In all the versions of NuProcess where it forks processes
CVE-2022-2025 : GRANDSTREAM GSD3710 1.0.11.13 STRCOPY STACK-BASED OVERFLOW
Description An attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it
DNS Security Extensions (DNSSEC) – Why Did The Need Arise For Its Implementation?
What is DNS and how does it work? DNS is the abbreviation for Domain Name System. The task of the
CVE-2022-2315 : DATABASE SOFTWARE PRIOR 2 ACCREDITATION TRACKING/PRESENTATION SQL INJECTION
Description Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in
CVE-2022-37877 : ARUBA CLEARPASS POLICY MANAGER UP TO 6.9.11/6.10.6 ON MACOS ONGUARD AGENT PRIVILEGE ESCALATION
Description A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their
What is General Data Protection Regulation (GDPR)?
GDPR (General data protection regulation) is regulation to provide uniform data protection by eliminating the inconsistencies in national laws of
CVE-2022-23768 : NEO INFORMATION SYSTEMS NIS-HAP11AC PRIOR 4.2-B20220530142945 TELNET SERVICE ACCESS CONTROL
Description This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this
How Content Security Policy (CSP) Secures Web Clients?
What is Content Security Policy (CSP)? Content Security Policy (CSP) is an additional layer of security on the HTTP browser
CVE-2022-28758 : ZOOM ON-PREMISE MEETING CONNECTOR MMR PRIOR 4.8.20220815.130 ACCESS CONTROL
Description Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious
What Is Swagger? How To Provide Security To Swagger?
What is Swagger? Swagger is the way of defining the structure of APIs (Application Programming Interface). Swagger is specifically developed
CVE-2022-2977 : LINUX KERNEL TPM DEVICE USE AFTER FREE
Description A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized
CVE-2022-37703 : AMANDA 3.5.1 CALCSIZE OPENDIR PRIVILEGES MANAGEMENT
Description In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this
What Is A Supply Chain Attack? How To Prevent Them?
What is a Supply Chain Attack? The supply chain includes everything from the delivery of materials from suppliers to manufacturers
CVE-2022-31226 : DELL BIOS STACK-BASED OVERFLOW
Description Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability
CVE-2022-39135 : APACHE CALCITE UP TO 1.31.X XML EXTERNAL ENTITY REFERENCE
Description In Apache Calcite prior to version 1.32.0 the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML
What Is Clickjacking? How Can A Hacker Steal Your Mouse Clicks?
What Is Clickjacking? Users are tricked into believing they are clicking on one thing when they are actually clicking on
What Is Remote Code Execution? How Does It works?
What Is Remote Code Execution? Remote Code Execution or RCE, also known as arbitrary code execution is a network vulnerability
CVE-2022-36642 : TELOS ALLIANCE OMNIA MPX NODE UP TO 1.5.0+R1 /APPCONFIG/USERDB.JSON ACCESS CONTROL
Description A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access
What Is Container Runtime Protection? What Are The Tools Used?
What is Container Runtime Protection? Container runtime protection provides security for containers during runtime. With the evolution of container technology,