βΌ CVE-2021-3876 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25636 βΌ
π Read
via "National Vulnerability Database".
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both "X509Data" and "KeyValue" children of the "KeyInfo" tag, which when opened caused LibreOffice to verify using the "KeyValue" but to report verification with the unrelated "X509Data" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25638 βΌ
π Read
via "National Vulnerability Database".
In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44567 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulnerability exits in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25101 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25075 βΌ
π Read
via "National Vulnerability Database".
TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44610 βΌ
π Read
via "National Vulnerability Database".
Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) URLs, (2) lang_id, (3) tmpl_id, (4) mod_rewrite (5) eta_doctype. (6) meta_charset, (7) default_group, and (8) page group parameters in the settings mode in admin/index.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44607 βΌ
π Read
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25640 βΌ
π Read
via "National Vulnerability Database".
In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3871 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2021. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25404 βΌ
π Read
via "National Vulnerability Database".
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete.php via the DELETE_STR parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25838 βΌ
π Read
via "National Vulnerability Database".
Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept.π Read
via "National Vulnerability Database".
β S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Microsoft App Store Sizzling with New βElectron Botβ Malware β
π Read
via "Threat Post".
The SEO poisoning bot, capable of full system takeover, is actively taking over social media accounts, masquerading as popular games like Temple Run.π Read
via "Threat Post".
Threat Post
Microsoft App Store Sizzling with New βElectron Botβ Malware
The SEO poisoning bot, capable of full system takeover, is actively taking over social media accounts, masquerading as popular games like Temple Run.
π΄ 4 Simple Steps to a Modernized Threat Intelligence Approach π΄
π Read
via "Dark Reading".
As cybersecurity strategies continuously evolve to keep pace with attackers, the relevance of the traditional model is in need of an automation upgrade.π Read
via "Dark Reading".
Dark Reading
4 Simple Steps to a Modernized Threat Intelligence Approach
As cybersecurity strategies continuously evolve to keep pace with attackers, the relevance of the traditional model is in need of an automation upgrade.
βΌ CVE-2021-38995 βΌ
π Read
via "National Vulnerability Database".
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213073.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2021-38994 βΌ
π Read
via "National Vulnerability Database".
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213072.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22793 βΌ
π Read
via "National Vulnerability Database".
Cybonet - PineApp Mail Relay Local File Inclusion. Attacker can send a request to : /manage/mailpolicymtm/log/eml_viewer/email.content.body.php?filesystem_path=ENCDODED PATH and by doing that, the attacker can read Local Files inside the server.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22349 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22794 βΌ
π Read
via "National Vulnerability Database".
Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Attacker can send a request to: /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /manage/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 and by doing that, the attacker can run Remote Code Execution in one liner.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39038 βΌ
π Read
via "National Vulnerability Database".
IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 213968.π Read
via "National Vulnerability Database".