‼ CVE-2021-44462 ‼
via "National Vulnerability Database".
This vulnerability can be exploited by parsing maliciously crafted project files with Horner Automation Cscape EnvisionRV v4.50.3.1 and prior. The issues result from the lack of proper validation of user-supplied data, which can result in reads and writes past the end of allocated data structures. User interaction is required to exploit this vulnerability, as an attacker must trick a valid user into opening a malicious HMI project file.
‼ CVE-2022-0494 ‼
via "National Vulnerability Database".
A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.
‼ CVE-2022-25606 ‼
via "National Vulnerability Database".
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities were discovered in the WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters: &download_path, &download_path_url, &download_page_url, &download_categories.
‼ CVE-2021-35254 ‼
via "National Vulnerability Database".
SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk. SolarWinds has removed this input field to prevent the misuse of this input in the future.
🕴 Indictment of Russian National Offers Glimpse Into Methodical Targeting of Energy Firm 🕴
via "Dark Reading".
Evgeny Viktorovich Gladkikh tried to cause catastrophic damage to a Saudi oil refinery in 2017 via the Triton/Trisis malware, the US has alleged.
❌ DOJ Indicts Russian Gov’t Employees Over Targeting Power Sector ❌
via "Threat Post".
The supply-chain attack on the U.S. energy sector targeted thousands of computers at hundreds of organizations, including at least one nuclear power plant.
‼ CVE-2022-27919 ‼
via "National Vulnerability Database".
Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API.
‼ CVE-2022-27906 ‼
via "National Vulnerability Database".
Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To access the vulnerable code path, the attacker has to know one of the configured Odette IDs of the OFTP2 server. An attacker can upload files to the server outside of the intended upload directory.
‼ CVE-2022-26659 ‼
via "National Vulnerability Database".
Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users.
‼ CVE-2022-24643 ‼
via "National Vulnerability Database".
A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0.
‼ CVE-2022-26197 ‼
via "National Vulnerability Database".
Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Datalist table.
‼ CVE-2022-27920 ‼
via "National Vulnerability Database".
libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0.
‼ CVE-2022-25523 ‼
via "National Vulnerability Database".
TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST request.
‼ CVE-2021-44905 ‼
via "National Vulnerability Database".
Incorrect permissions in the Bluetooth Services in the Fortessa FTBTLD Smart Lock as of 12-13-2022 allow a remote attacker to disable the lock via an unauthenticated edit to the lock name.
‼ CVE-2022-1071 ‼
via "National Vulnerability Database".
Use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2.
‼ CVE-2022-26198 ‼
via "National Vulnerability Database".
Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field.
‼ CVE-2022-26620 ‼
via "National Vulnerability Database".
Akeo Consulting Rufus Executable 3.17.1846 and Rufus Portable Executable 3.17p were discovered to allow attackers to execute arbitrary code or escalate privileges via placing a crafted x86 DLL in the same directory as other executables.
‼ CVE-2022-26200 ‼
via "National Vulnerability Database".
Technitium Installer v4.4 was discovered to allow attackers to execute arbitrary code or escalate privileges via placing a crafted DLL in the same directory as the current installer.
‼ CVE-2022-26205 ‼
via "National Vulnerability Database".
Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE) vulnerability via the Display text fields. This vulnerability allows attackers to execute arbitrary code via injection of a crafted payload.
‼ CVE-2022-27948 ‼
via "National Vulnerability Database".
Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz RF signal containing a fixed sequence of approximately one hundred symbols.
‼ CVE-2022-26245 ‼
via "National Vulnerability Database".
Falcon-plus v0.3 was discovered to contain a SQL injection vulnerability via the parameter grpName in /config/service/host.go.