βΌ CVE-2022-22265 βΌ
π Read
via "National Vulnerability Database".
An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42392 βΌ
π Read
via "National Vulnerability Database".
The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22569 βΌ
π Read
via "National Vulnerability Database".
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44528 βΌ
π Read
via "National Vulnerability Database".
A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40022 βΌ
π Read
via "National Vulnerability Database".
The weaver module has a vulnerability in parameter type verification,Successful exploitation of this vulnerability may affect data confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23568 βΌ
π Read
via "National Vulnerability Database".
The package extend2 before 1.0.1 are vulnerable to Prototype Pollution via the extend function due to unsafe recursive merge.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40001 βΌ
π Read
via "National Vulnerability Database".
The CaasKit module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the MeeTime application to be unavailable.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46163 βΌ
π Read
via "National Vulnerability Database".
Kentico Xperience 13.0.44 allows XSS via an XML document to the Media Libraries subsystem.π Read
via "National Vulnerability Database".
π΄ The Evolution of Patch Management: How and When It Got So Complicated π΄
π Read
via "Dark Reading".
In the wake of WannaCry and its ilk, the National Vulnerability Database arose to help security organizations track and prioritize vulnerabilities to patch. Part 1 of 3.π Read
via "Dark Reading".
Dark Reading
The Evolution of Patch Management: How and When It Got So Complicated
In the wake of WannaCry and its ilk, the National Vulnerability Database arose to help security organizations track and prioritize vulnerabilities to patch. Part 1 of 3.
βΌ CVE-2022-22264 βΌ
π Read
via "National Vulnerability Database".
Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without permission.π Read
via "National Vulnerability Database".
π¦Ώ Behind the scenes: A day in the life of a security auditing manager π¦Ώ
π Read
via "Tech Republic".
Working with clients on finding vulnerabilities within their cybersecurity frameworks is the key part of a security manager's job. Here's how one security auditing manager gets it done.π Read
via "Tech Republic".
TechRepublic
Behind the scenes: A day in the life of a security auditing manager
Working with clients on finding vulnerabilities within their cybersecurity frameworks
is the key part of a security manager's job. Here's how one security auditing manager gets it done.
is the key part of a security manager's job. Here's how one security auditing manager gets it done.
ποΈ Report: DDoS attacks increasing year on year as cybercriminals demand extortionate payouts ποΈ
π Read
via "The Daily Swig".
Crooks attempt to cash in by upping the anteπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Report: DDoS attacks increasing year on year as cybercriminals demand extortionate payouts
Crooks attempt to cash in by upping the ante
β Cyber-Spike: Orgs Suffer 925 Attacks per Week, an All-Time High β
π Read
via "Threat Post".
Cyberattacks increased 50 percent YoY in 2021 and peaked in December due to a frenzy of Log4j exploits, researchers found.π Read
via "Threat Post".
Threat Post
Cyber-Spike: Orgs Suffer 925 Attacks per Week, an All-Time High
Cyberattacks increased 50 percent YoY in 2021 and peaked in December due to a frenzy of Log4j exploits, researchers found.
βΌ CVE-2022-22116 βΌ
π Read
via "National Vulnerability Database".
In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in media upload functionality. A low privileged attacker can inject arbitrary javascript code which will be executed in a victimΓ’β¬β’s browser when they open the image URL.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44586 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in dst-admin v1.3.0. The product has an unauthorized arbitrary file download vulnerability that can expose sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0156 βΌ
π Read
via "National Vulnerability Database".
vim is vulnerable to Use After Freeπ Read
via "National Vulnerability Database".
βΌ CVE-2022-0158 βΌ
π Read
via "National Vulnerability Database".
vim is vulnerable to Heap-based Buffer Overflowπ Read
via "National Vulnerability Database".
βΌ CVE-2021-25052 βΌ
π Read
via "National Vulnerability Database".
The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22115 βΌ
π Read
via "National Vulnerability Database".
In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Site Scripting (XSS) in the name of a created Tag. Since the Tag name is not being sanitized properly in the edit tag page, a low privileged attacker can store malicious scripts in the name of the Tag. In the worst case, the victim who inadvertently triggers the attack is a highly privileged administrator. The injected scripts can extract the Session ID, which can lead to full Account Takeover of the administrator, and privileges escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2021-24948 βΌ
π Read
via "National Vulnerability Database".
The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tp_get_dl_post_info_ajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft postsπ Read
via "National Vulnerability Database".
βΌ CVE-2021-25054 βΌ
π Read
via "National Vulnerability Database".
The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability.π Read
via "National Vulnerability Database".