‼ CVE-2022-23378 ‼
📖 Read
via "National Vulnerability Database".
A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 version of TastyIgniter. The "items%5B0%5D%5Bpath%5D" parameter of a request made to /admin/allergens/edit/1 is vulnerable.📖 Read
via "National Vulnerability Database".
🕴 Log4j and the Role of SBOMs in Reducing Software Security Risk 🕴
📖 Read
via "Dark Reading".
Enterprises are spending a pittance on securing their software supply chain, which makes COTS software dangerous — vulnerabilities can be "hidden" in open source components.📖 Read
via "Dark Reading".
Dark Reading
Log4j and the Role of SBOMs in Reducing Software Security Risk
Enterprises are spending a pittance on securing their software supply chain, which makes COTS software dangerous — vulnerabilities can be "hidden" in open source components.
🗓️ Couple charged with laundering proceeds from $4.5bn Bitfinex cryptocurrency hack 🗓️
📖 Read
via "The Daily Swig".
US investigators recover $3.6bn in digital assets📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Couple charged with laundering proceeds from $4.5bn Bitfinex cryptocurrency hack
US investigators recover $3.6bn in digital assets
🛠 GNU Privacy Guard 2.2.34 🛠
📖 Read
via "Packet Storm Security".
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.📖 Read
via "Packet Storm Security".
Packetstormsecurity
GNU Privacy Guard 2.2.34 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
‼ CVE-2022-23102 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46151 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14754, ZDI-CAN-15082)📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20009 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46152 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a type confusion vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14643, ZDI-CAN-14644, ZDI-CAN-14755, ZDI-CAN-15183)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23312 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP9 Security Patch 1). The integrated web application "Online Help" in affected product contains a Cross-Site Scripting (XSS) vulnerability that could be exploited if unsuspecting users are tricked into accessing a malicious link.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3813 ‼
📖 Read
via "National Vulnerability Database".
Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46153 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a memory corruption vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14645, ZDI-CAN-15305, ZDI-CAN-15589, ZDI-CAN-15599)📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20002 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37194 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.2.14 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS allows to upload and store arbitrary files at the webserver. This could allow an attacker to store malicious files.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46160 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15286)📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20010 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46154 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14646, ZDI-CAN-14679, ZDI-CAN-15084, ZDI-CAN-15304)📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46158 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15085, ZDI-CAN-15289, ZDI-CAN-15602)📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44000 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V12.4 (All versions), Teamcenter Visualization V13.1 (All versions), Teamcenter Visualization V13.2 (All versions), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15053)📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20008 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37855 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37858 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.📖 Read
via "National Vulnerability Database".