βΌ CVE-2022-26514 βΌ
π Read
via "National Vulnerability Database".
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0343 βΌ
π Read
via "National Vulnerability Database".
A local attacker, as a different local user, may be able to send a HTTP request to 127.0.0.1:10000 after the user (typically a developer) manually invoked the ./tools/run-dev-server script. It is recommended to upgrade to any version beyond 24.2π Read
via "National Vulnerability Database".
βΌ CVE-2022-0923 βΌ
π Read
via "National Vulnerability Database".
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44081 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability exists in the AMF of open5gs 2.1.4. When the length of MSIN in Supi exceeds 24 characters, it leads to AMF denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26887 βΌ
π Read
via "National Vulnerability Database".
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27175 βΌ
π Read
via "National Vulnerability Database".
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25347 βΌ
π Read
via "National Vulnerability Database".
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26338 βΌ
π Read
via "National Vulnerability Database".
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_hierarchyHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26666 βΌ
π Read
via "National Vulnerability Database".
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialogECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26839 βΌ
π Read
via "National Vulnerability Database".
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22934 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minionΓ’β¬β’s public key, which can result in attackers substituting arbitrary pillar data.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26667 βΌ
π Read
via "National Vulnerability Database".
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26013 βΌ
π Read
via "National Vulnerability Database".
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26065 βΌ
π Read
via "National Vulnerability Database".
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetLatestDemandNode and GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1050 βΌ
π Read
via "National Vulnerability Database".
Guest driver might execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26836 βΌ
π Read
via "National Vulnerability Database".
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22941 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid, allowing configured users to target any of the minions connected to the syndic with their configured commands. This requires a syndic master combined with publisher_acl configured on the Master-of-Masters, allowing users specified in the publisher_acl to bypass permissions, publishing authorized commands to any configured minion.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26069 βΌ
π Read
via "National Vulnerability Database".
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.π Read
via "National Vulnerability Database".
π΄ CriticalStart Releases Enhanced Capabilities for Microsoft 365 Defender π΄
π Read
via "Dark Reading".
Latest enhancements allow customers to leverage Microsoft 365 Defender and MDR to respond to breaches stemming from user account-based attacks.π Read
via "Dark Reading".
Dark Reading
CriticalStart Releases Enhanced Capabilities for Microsoft 365 Defender
Latest enhancements allow customers to leverage Microsoft 365 Defender and MDR to respond to breaches stemming from user account-based attacks.
βΌ CVE-2022-1122 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-22948 βΌ
π Read
via "National Vulnerability Database".
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.π Read
via "National Vulnerability Database".