βΌ CVE-2022-22943 βΌ
π Read
via "National Vulnerability Database".
VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in the Windows guest OS due to an uncontrolled search path element.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22687 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0265 βΌ
π Read
via "National Vulnerability Database".
Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast prior to 5.1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22695 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22690 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22689 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23051 βΌ
π Read
via "National Vulnerability Database".
PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svg_file' parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22947 βΌ
π Read
via "National Vulnerability Database".
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23708 βΌ
π Read
via "National Vulnerability Database".
A flaw was discovered in Elasticsearch 7.17.0Γ’β¬β’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with Γ’β¬Ε*Γ’β¬οΏ½ index permissions access to this index.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2021-4002 βΌ
π Read
via "National Vulnerability Database".
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.π Read
via "National Vulnerability Database".
ποΈ Equifax data breach: Consumers unlikely to benefit financially from final settlement ποΈ
π Read
via "The Daily Swig".
Potential claimants would face an βuphill battle in order to establish standingβ, says US privacy law expertπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Equifax data breach: Consumers unlikely to benefit financially from final settlement
Potential claimants would face an βuphill battle in order to establish standingβ, says US privacy law expert
βΌ CVE-2022-23327 βΌ
π Read
via "National Vulnerability Database".
A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a victim node's memory pool, causing a denial of service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2022-0752 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23328 βΌ
π Read
via "National Vulnerability Database".
A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a victim Geth node, which can purge all of pending transactions in a victim node's memory pool and then occupy the memory pool to prevent new transactions from entering the pool, resulting in a denial of service (DoS).π Read
via "National Vulnerability Database".
ποΈ RCE vulnerability in Dynamicweb enterprise software could allow server compromise ποΈ
π Read
via "The Daily Swig".
βExtremely easy to exploitβ bug introduced to codebase in 2018, say researchersπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
RCE vulnerability in Dynamicweb enterprise software could allow server compromise
βExtremely easy to exploitβ bug introduced to codebase in 2018, say researchers
π΄ DORA's Global Reach and Why Enterprises Need to Prepare π΄
π Read
via "Dark Reading".
The new EU regulation is a response to the rise of ransomware attacks and other new cyberthreats that have proliferated in the wake of the global pandemic.π Read
via "Dark Reading".
Dark Reading
DORA's Global Reach and Why Enterprises Need to Prepare
The new EU regulation is a response to the rise of ransomware attacks and other new cyberthreats that have proliferated in the wake of the global pandemic.
βΌ CVE-2021-46393 βΌ
π Read
via "National Vulnerability Database".
There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is directly retrieved from the http request parameter startIp. Then v10 will be splice to stack by function sscanf without any security check,which causes stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46394 βΌ
π Read
via "National Vulnerability Database".
There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v13 variable is directly retrieved from the http request parameter startIp. Then v13 will be splice to stack by function sscanf without any security check, which causes stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43392 βΌ
π Read
via "National Vulnerability Database".
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26201 βΌ
π Read
via "National Vulnerability Database".
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44321 βΌ
π Read
via "National Vulnerability Database".
Mini-Inventory-and-Sales-Management-System is affected by Cross Site Request Forgery (CSRF), where an attacker can update/delete items in the inventory. The attacker must be logged into the application create a malicious file for updating the inventory details and items.π Read
via "National Vulnerability Database".