‼ CVE-2022-0839 ‼
📖 Read
via "National Vulnerability Database".
Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23397 ‼
📖 Read
via "National Vulnerability Database".
The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-18325 ‼
📖 Read
via "National Vulnerability Database".
Multilple Cross Site Scripting (XSS) vulnerability exists in Intelliants Subrion CMS v4.2.1 in the Configuration panel.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-18326 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23214 ‼
📖 Read
via "National Vulnerability Database".
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22946 ‼
📖 Read
via "National Vulnerability Database".
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46378 ‼
📖 Read
via "National Vulnerability Database".
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3743 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.📖 Read
via "National Vulnerability Database".
🔏 Friday Five 3/4 🔏
📖 Read
via "".
Utah latest state poised to pass privacy law, the Conti ransomware leaks, and more - catch up on the week's infosec news with the Friday Five!📖 Read
via "".
Digital Guardian
Friday Five 3/4
Utah latest state poised to pass privacy law, the Conti ransomware leaks, and more - catch up on the week's infosec news with the Friday Five!
‼ CVE-2022-25623 ‼
📖 Read
via "National Vulnerability Database".
The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24727 ‼
📖 Read
via "National Vulnerability Database".
Weblate is a web based localization tool with tight version control integration. Prior to version 4.11.1, Weblate didn't properly sanitize some arguments passed to Git and Mercurial, allowing them to change their behavior in an unintended way. Instances where untrusted users cannot create new components are not affected. The issues were fixed in the 4.11.1 release.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20319 ‼
📖 Read
via "National Vulnerability Database".
An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary data, and achieve full access to the node being installed.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3575 ‼
📖 Read
via "National Vulnerability Database".
A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23233 ‼
📖 Read
via "National Vulnerability Database".
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS) of the Local Distribution Router (LDR) service.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20300 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21828 ‼
📖 Read
via "National Vulnerability Database".
A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using a unspecified attack vector in Incapptic Connect version 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3428 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating an integer overflow, A local attacker with a special user privilege may cause a system crash problem which can lead to an availability threat.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20303 ‼
📖 Read
via "National Vulnerability Database".
A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20302 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23232 ‼
📖 Read
via "National Vulnerability Database".
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user accounts to access S3 data to which they previously had access. StorageGRID 11.6.0 obtains the user account status from Active Directory or Azure and will block S3 access for disabled user accounts during the subsequent background synchronization. User accounts that are expired or locked for Active Directory or Azure, or user accounts that are disabled, expired, or locked in identity sources other than Active Directory or Azure must be manually removed from group memberships or have their S3 keys manually removed from Tenant Manager in all versions of StorageGRID (formerly StorageGRID Webscale).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26318 ‼
📖 Read
via "National Vulnerability Database".
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.📖 Read
via "National Vulnerability Database".