βΌ CVE-2022-24416 βΌ
π Read
via "National Vulnerability Database".
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.π Read
via "National Vulnerability Database".
π€1
βΌ CVE-2022-24415 βΌ
π Read
via "National Vulnerability Database".
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24421 βΌ
π Read
via "National Vulnerability Database".
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24419 βΌ
π Read
via "National Vulnerability Database".
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-24420 βΌ
π Read
via "National Vulnerability Database".
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26276 βΌ
π Read
via "National Vulnerability Database".
An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0880 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26533 βΌ
π Read
via "National Vulnerability Database".
Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26967 βΌ
π Read
via "National Vulnerability Database".
GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be triggered via MP4Box.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26966 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45889 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in PONTON X/P Messenger before 3.11.2. Several functions are vulnerable to reflected XSS, as demonstrated by private/index.jsp?partners/ShowNonLocalPartners.do?localID= or private/index.jsp or private/index.jsp?database/databaseTab.jsp or private/index.jsp?activation/activationMainTab.jsp or private/index.jsp?communication/serverTab.jsp or private/index.jsp?emailNotification/notificationTab.jsp.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45886 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally valid, making the web application vulnerable to a weakened version of CSRF, where an arbitrary token of a low-privileged user (such as operator) can be used to confirm actions of higher-privileged ones (such as xpadmin).π Read
via "National Vulnerability Database".
βΌ CVE-2021-45887 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private/SchemaSetUpload.do for uploaded ZIP files, an executable script can be uploaded by web application administrators, giving the attacker remote code execution on the underlying server via an imgs/*.jsp URI.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45888 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only possible for users who have the role Configuration Administrator or Administrator.π Read
via "National Vulnerability Database".
β Alleged Kaseya ransomware attacker arrives in Texas for trial β
π Read
via "Naked Security".
The US Independence Day weekend of 2021 wasn't much of a holiday for cybersecurity staff. That was when the Kaseya attack unfolded...π Read
via "Naked Security".
Naked Security
Alleged Kaseya ransomware attacker arrives in Texas for trial
The US Independence Day weekend of 2021 wasnβt much of a holiday for cybersecurity staff. That was when the Kaseya attack unfoldedβ¦
βΌ CVE-2022-0938 βΌ
π Read
via "National Vulnerability Database".
Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0940 βΌ
π Read
via "National Vulnerability Database".
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22721 βΌ
π Read
via "National Vulnerability Database".
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22720 βΌ
π Read
via "National Vulnerability Database".
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smugglingπ Read
via "National Vulnerability Database".
βΌ CVE-2022-22719 βΌ
π Read
via "National Vulnerability Database".
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23943 βΌ
π Read
via "National Vulnerability Database".
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.π Read
via "National Vulnerability Database".