CVE-2022-21158 (via "National Vulnerability Database")
A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link (with javascript: scheme) inside the document may allow an attacker to execute an arbitrary script on the PC of the user using marktext.
CVE-2022-26520 (via "National Vulnerability Database")
** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat web root. NOTE: the vendor's position is that there is no pgjdbc vulnerability; instead, it is a vulnerability for any application to use the pgjdbc driver with untrusted connection properties.
CVE-2021-40060 (via "National Vulnerability Database")
There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.
CVE-2022-24930 (via "National Vulnerability Database")
An improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Release allows untrusted applications to reset default app settings without a proper permission.
CVE-2022-25816 (via "National Vulnerability Database")
Improper authentication in the Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows an attacker to change the enable/disable state without authentication.
CVE-2022-26104 (via "National Vulnerability Database")
SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, allowing an unauthorized user to alter the maintenance system message.
CVE-2021-40055 (via "National Vulnerability Database")
There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity.
CVE-2022-24609 (via "National Vulnerability Database")
Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates/template_manage.php, an attacker can write an arbitrary shell file.
CVE-2022-25555 (via "National Vulnerability Database")
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ntpServer parameter.
CVE-2022-25826 (via "National Vulnerability Database")
Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows an attacker to access password information of the connected WiFiAp in the log.
CVE-2022-24607 (via "National Vulnerability Database")
Luocms v2.0 is affected by SQL Injection in /admin/news/news_ok.php.
CVE-2022-24397 (via "National Vulnerability Database")
SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of the portal website. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of the victim's web browser.
CVE-2022-25547 (via "National Vulnerability Database")
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.
CVE-2021-44632 (via "National Vulnerability Database")
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/upgrade_info feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
CVE-2022-22795 (via "National Vulnerability Database")
Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected machine. An attacker can read all the system files: the product is running as root on Linux systems and nt/authority on Windows systems, which allows him to access and extract any file on the systems, such as passwd, shadow, hosts and so on. By gaining access to these files, attackers can steal sensitive information from the victim's machine.
CVE-2021-40047 (via "National Vulnerability Database")
There is a vulnerability of memory not being released after effective lifetime in the Bastet module. Successful exploitation of this vulnerability may affect integrity.
Malware Posing as Russia DDoS Tool Bites Pro-Ukraine Hackers (via "Threat Post")
Be careful when downloading a tool to cyber-target Russia: It could be an infostealer wolf dressed in sheep's clothing that grabs your cryptocurrency info instead.
Ex-Canadian Government Employee Charged in NetWalker Ransomware Attacks (via "Dark Reading")
Sebastien Vachon-Desjardins of Gatineau, Quebec, Canada, is allegedly responsible for some $28 million in ransomware losses from victims in the US.
Spotlight on First Dan Kaminsky Fellow: Jonathan Leitschuh (via "Dark Reading")
Human Security honors its late co-founder with a fellowship to fund smart and passionate cybersecurity advocates to do open source work for the common good.
CVE-2021-39022 (via "National Vulnerability Database")
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. IBM X-Force ID: 213858.
CVE-2021-39025 (via "National Vulnerability Database")
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down. IBM X-Force ID: 213863.