‼ CVE-2022-1011 ‼
📖 Read
via "National Vulnerability Database".
A flaw use after free in the Linux kernel FUSE filesystem was found in the way user triggers write(). A local user could use this flaw to get some unauthorized access to some data from the FUSE filesystem and as result potentially privilege escalation too.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22627 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0547 ‼
📖 Read
via "National Vulnerability Database".
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22578 ‼
📖 Read
via "National Vulnerability Database".
A logic issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. A malicious application may be able to gain root privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22607 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25607 ‼
📖 Read
via "National Vulnerability Database".
Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22652 ‼
📖 Read
via "National Vulnerability Database".
The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access may be able to view and modify the carrier account information and settings from the lock screen.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22600 ‼
📖 Read
via "National Vulnerability Database".
The issue was addressed with improved permissions logic. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to bypass certain Privacy preferences.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22651 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.3. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27245 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27246 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27789 ‼
📖 Read
via "National Vulnerability Database".
The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program's standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22592 ‼
📖 Read
via "National Vulnerability Database".
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27244 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24091 ‼
📖 Read
via "National Vulnerability Database".
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious font file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-4031 ‼
📖 Read
via "National Vulnerability Database".
Syltek application before its 10.22.00 version, does not correctly check that a product ID has a valid payment associated to it. This could allow an attacker to forge a request and bypass the payment system by marking items as payed without any verification.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22633 ‼
📖 Read
via "National Vulnerability Database".
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22634 ‼
📖 Read
via "National Vulnerability Database".
A buffer overflow was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. A malicious application may be able to execute arbitrary code with kernel privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22591 ‼
📖 Read
via "National Vulnerability Database".
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-25193 ‼
📖 Read
via "National Vulnerability Database".
By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22620 ‼
📖 Read
via "National Vulnerability Database".
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..📖 Read
via "National Vulnerability Database".