‼ CVE-2021-29395 ‼
📖 Read
via "National Vulnerability Database".
Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24129 ‼
📖 Read
via "National Vulnerability Database".
The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to interact with arbitrary third-party HTTP services.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23507 ‼
📖 Read
via "National Vulnerability Database".
The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. *Note:* This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29398 ‼
📖 Read
via "National Vulnerability Database".
Directory traversal in /northstar/Common/NorthFileManager/fileManagerObjects.jsp Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to browse and list the directories across the entire filesystem of the host of the web application.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45408 ‼
📖 Read
via "National Vulnerability Database".
Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, which llows remote malicious users to redirect users to malicious sites using the "referuri" parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29393 ‼
📖 Read
via "National Vulnerability Database".
Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled "command" and "commandvalues" parameters.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23497 ‼
📖 Read
via "National Vulnerability Database".
This affects the package @strikeentco/set before 1.0.2. It allows an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-STRIKEENTCOSET-1038821📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45429 ‼
📖 Read
via "National Vulnerability Database".
A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yr_set_configuration in yara/libyara/libyara.c, which could cause a Denial of Service.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24448 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29396 ‼
📖 Read
via "National Vulnerability Database".
Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to use various functionalities without authentication.📖 Read
via "National Vulnerability Database".
🕴 The 3 Most Common Causes of Data Breaches in 2021 🕴
📖 Read
via "Dark Reading".
Phishing, Smishing, BEC📖 Read
via "Dark Reading".
Dark Reading
The 3 Most Common Causes of Data Breaches in 2021
Phishing, smishing, and business email compromise continue to do their dirty work.
‼ CVE-2022-23329 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46671 ‼
📖 Read
via "National Vulnerability Database".
options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23330 ‼
📖 Read
via "National Vulnerability Database".
A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24348 ‼
📖 Read
via "National Vulnerability Database".
Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23947 ‼
📖 Read
via "National Vulnerability Database".
A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23560 ‼
📖 Read
via "National Vulnerability Database".
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. Users are advised to upgrade as soon as possible.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23577 ‼
📖 Read
via "National Vulnerability Database".
Tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0487 ‼
📖 Read
via "National Vulnerability Database".
A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23557 ‼
📖 Read
via "National Vulnerability Database".
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in `BiasAndClamp` implementation. There is no check that the `bias_size` is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24114 ‼
📖 Read
via "National Vulnerability Database".
Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287📖 Read
via "National Vulnerability Database".