βΌ CVE-2021-3596 βΌ
π Read
via "National Vulnerability Database".
A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault.π Read
via "National Vulnerability Database".
βΌ CVE-2020-14481 βΌ
π Read
via "National Vulnerability Database".
The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the userΓ’β¬β’s operating system and certain components of FactoryTalk View SE.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24709 βΌ
π Read
via "National Vulnerability Database".
@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for javascript injection. Users are advised to upgrade to version 3.0.367 or later. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24232 βΌ
π Read
via "National Vulnerability Database".
A local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0544 βΌ
π Read
via "National Vulnerability Database".
An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3700 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44662 βΌ
π Read
via "National Vulnerability Database".
A Site Scripting (XSS) vulnerability exists in the Xerte Project Xerte through 3.8.4 via the link parameter in print.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44532 βΌ
π Read
via "National Vulnerability Database".
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25148 βΌ
π Read
via "National Vulnerability Database".
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25305 βΌ
π Read
via "National Vulnerability Database".
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the ~/includes/class-wp-statistics-ip.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a sites statistics, in versions up to and including 13.1.5.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0653 βΌ
π Read
via "National Vulnerability Database".
The Profile Builder Γ’β¬β User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1.π Read
via "National Vulnerability Database".
βΌ CVE-2020-10640 βΌ
π Read
via "National Vulnerability Database".
Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0651 βΌ
π Read
via "National Vulnerability Database".
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44663 βΌ
π Read
via "National Vulnerability Database".
A Remote Code Execution (RCE) vulnerability exists in the Xerte Project Xerte through 3.8.4 via a crafted php file through elfinder in connetor.php.π Read
via "National Vulnerability Database".
βΌ CVE-2020-10636 βΌ
π Read
via "National Vulnerability Database".
Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25306 βΌ
π Read
via "National Vulnerability Database".
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a sites statistics, in versions up to and including 13.1.5.π Read
via "National Vulnerability Database".
βΌ CVE-2020-14502 βΌ
π Read
via "National Vulnerability Database".
The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface.π Read
via "National Vulnerability Database".
βΌ CVE-2020-14504 βΌ
π Read
via "National Vulnerability Database".
The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0546 βΌ
π Read
via "National Vulnerability Database".
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2020-14478 βΌ
π Read
via "National Vulnerability Database".
A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a denial-of-service condition and allow the attacker to arbitrarily read any local file via system-level services.π Read
via "National Vulnerability Database".
π1
β The Harsh Truths of Cybersecurity in 2022, Part II β
π Read
via "Threat Post".
Sonya Duffin, ransomware and data-protection expert at Veritas Technologies, shares three steps organizations can take today to reduce cyberattack fallout.π Read
via "Threat Post".
Threat Post
The Harsh Truths of Cybersecurity in 2022, Part II
Sonya Duffin, ransomware and data-protection expert at Veritas Technologies, shares three steps organizations can take today to reduce cyberattack fallout.