‼ CVE-2022-27243 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25603 ‼
📖 Read
via "National Vulnerability Database".
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22671 ‼
📖 Read
via "National Vulnerability Database".
An authentication issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to access photos from the lock screen.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22586 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22666 ‼
📖 Read
via "National Vulnerability Database".
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. Processing a maliciously crafted image may lead to heap corruption.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22596 ‼
📖 Read
via "National Vulnerability Database".
A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22603 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1011 ‼
📖 Read
via "National Vulnerability Database".
A flaw use after free in the Linux kernel FUSE filesystem was found in the way user triggers write(). A local user could use this flaw to get some unauthorized access to some data from the FUSE filesystem and as result potentially privilege escalation too.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22627 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0547 ‼
📖 Read
via "National Vulnerability Database".
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22578 ‼
📖 Read
via "National Vulnerability Database".
A logic issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. A malicious application may be able to gain root privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22607 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25607 ‼
📖 Read
via "National Vulnerability Database".
Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22652 ‼
📖 Read
via "National Vulnerability Database".
The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access may be able to view and modify the carrier account information and settings from the lock screen.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22600 ‼
📖 Read
via "National Vulnerability Database".
The issue was addressed with improved permissions logic. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to bypass certain Privacy preferences.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22651 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.3. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27245 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27246 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27789 ‼
📖 Read
via "National Vulnerability Database".
The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22592 ‼
📖 Read
via "National Vulnerability Database".
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27244 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user.📖 Read
via "National Vulnerability Database".