IBM InfoSphere Information Server security vulnerability
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines (IBM). The platform can be used to integrate data information obtained from various sources. A security vulnerability exists in IBM InfoSphere Information Server version 11.7 that stems fro...
Centreon Contact Group SQL Injection Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the contact groups configuration page. The issue results from the lack of proper validation of a...
PT-2022-26429 · Centreon · Centreon
Name of the Vulnerable Software and Affected Versions: Centreon (affected versions not specified). Description: This issue allows remote attackers to escalate privileges on affected installations. Authentication is required to exploit this issue. The specific flaw exists within the contact groups...
Glut of Fake LinkedIn Profiles Pits HR Against the Bots
A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees. The fabricated LinkedIn identities -- which pair AI-generated profile photos wit...
keycloak: Stored XSS in groups dropdown
A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored cross-site scripting (XSS) attack...
Information Disclosure
moodle/moodle is vulnerable to information disclosure. The vulnerability exists because the activity attempts report does not properly filter by groups in the getreport function of manager.php, allowing an attacker to reveal the information about attempts or users in groups to non-editing teacher...
GHSA-385F-VGQ7-8HHX Moodle No groups filtering in H5P activity attempts report
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to...
Moodle No groups filtering in H5P activity attempts report
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to...
CVE-2022-40316
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to...
UBUNTU-CVE-2022-40316
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to...
CVE-2022-40316
CVE-2022-40316 affects Moodle (H5P activity attempts report). The issue is an information disclosure: the report did not filter by groups in separate groups mode, potentially exposing attempts/users in groups to non-editing teachers. Documented CVSS 3.1 base score 4.3 (MEDIUM) with low confidenti...
How one product manager builds community at Microsoft Security
I first met Joey Cruz not long after he joined the Microsoft Identity and Network Access (IDNA) team when he helped create demos for a keynote speech I was delivering. Joey has a way of making you feel that even if something goes sideways, it will all be okay because he will make sure it is. As...
Hackers Aid Protests Against Iranian Government with Proxies, Leaks and Hacks
Several hacktivist groups are using Telegram and other tools to aid anti-government protests in Iran to bypass regime censorship restrictions amid ongoing unrest in the country following the death of Mahsa Amini in custody. "Key activities are data leaking and selling, including officials' phone...
Researchers Identify 3 Hacktivist Groups Supporting Russian Interests
At least three alleged hacktivist groups working in support of Russian interests are likely doing so in collaboration with state-sponsored cyber threat actors, according to Mandiant. The Google-owned threat intelligence and incident response firm said with moderate confidence that "moderators of...
OESA-2022-1936 docker security update
Docker is an open source project to build, ship and run any application as a lightweight container. Security Fixes: Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an...
CVE-2022-3277
An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significa...
Control System Defense: Know the Opponent
Summary: Traditional approaches to securing OT/ICS do not adequately address current threats. Operational technology/industrial control system (OT/ICS) assets that operate, control, and monitor day-to-day critical infrastructure and industrial processes continue to be an attractive target for...
Stored Cross-Site Scripting (XSS)
Description: There is insufficient input validation in the pop-up notifications. Proof of Concept, steps to reproduce: 1. Log in to an admin account. 2. Click on Ports - Manage Groups. 3. Create a new Port Group with the Name alertdocument.location and an arbitrary Description. 4. The XSS is triggered...
GO-2022-1008 Unauthorized file access in github.com/containers/buildah
SGID programs executed in a container can access files that have negative group permissions for the user's primary group. Consider a file which is owned by user u1 and group g1, permits user and other read access, and does NOT permit group read access. This file is readable by u1 and all other...
Improper Access Control
github.com/cri-o/cri-o is vulnerable to improper access control. The vulnerability exists because of incorrect handling of the supplementary groups, which allows local authenticated attackers to access restricted information or possible unauthorized data modification...