‼ CVE-2022-1050 ‼
📖 Read
via "National Vulnerability Database".
Guest driver might execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26836 ‼
📖 Read
via "National Vulnerability Database".
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22941 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid, allowing configured users to target any of the minions connected to the syndic with their configured commands. This requires a syndic master combined with publisher_acl configured on the Master-of-Masters, allowing users specified in the publisher_acl to bypass permissions, publishing authorized commands to any configured minion.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26069 ‼
📖 Read
via "National Vulnerability Database".
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.📖 Read
via "National Vulnerability Database".
🕴 CriticalStart Releases Enhanced Capabilities for Microsoft 365 Defender 🕴
📖 Read
via "Dark Reading".
Latest enhancements allow customers to leverage Microsoft 365 Defender and MDR to respond to breaches stemming from user account-based attacks.📖 Read
via "Dark Reading".
Dark Reading
CriticalStart Releases Enhanced Capabilities for Microsoft 365 Defender
Latest enhancements allow customers to leverage Microsoft 365 Defender and MDR to respond to breaches stemming from user account-based attacks.
‼ CVE-2022-1122 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-22948 ‼
📖 Read
via "National Vulnerability Database".
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43109 ‼
📖 Read
via "National Vulnerability Database".
An SQL Injection vulnerability exits in PuneethReddyHC online-shopping-system as of 11/01/2021 via the p parameter in product.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43110 ‼
📖 Read
via "National Vulnerability Database".
An Access Conrol vulnerability exists in PuneethReddyHC online-shopping-system as of 11/01/2021 in add_products.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42970 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ content parameter.📖 Read
via "National Vulnerability Database".
❌ Log4JShell Used to Swarm VMware Servers with Miners, Backdoors ❌
📖 Read
via "Threat Post".
Researchers have found three backdoors and four miners in attacks exploiting the Log4Shell vulnerability, some of which are still ongoing.📖 Read
via "Threat Post".
Threat Post
Log4JShell Used to Swarm VMware Servers with Miners, Backdoors
Researchers have found three backdoors and four miners in attacks exploiting the Log4Shell vulnerability, some of which are still ongoing.
🕴 Private Equity Firm Led by Mnuchin Acquires Mobile Security Vendor Zimperium 🕴
📖 Read
via "Dark Reading".
Liberty Strategic Capital to pay $525 million for mobile security vendor.📖 Read
via "Dark Reading".
Dark Reading
Private Equity Firm Led by Mnuchin Acquires Mobile Security Vendor Zimperium
Liberty Strategic Capital to pay $525 million for mobile security vendor.
‼ CVE-2021-43118 ‼
📖 Read
via "National Vulnerability Database".
A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malicious user execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21821 ‼
📖 Read
via "National Vulnerability Database".
NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump.To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted file and locally execute cuobjdump against the file. Such an attack may lead to remote code execution that causes complete denial of service and an impact on data confidentiality and integrity.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26871 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42911 ‼
📖 Read
via "National Vulnerability Database".
A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code.📖 Read
via "National Vulnerability Database".
🕴 Log4j Attacks Continue Unabated Against VMware Horizon Servers 🕴
📖 Read
via "Dark Reading".
Threat actors are exploiting the vulnerability to drop Web shells and cryptominers, security vendor says.📖 Read
via "Dark Reading".
Dark Reading
Log4j Attacks Continue Unabated Against VMware Horizon Servers
Threat actors are exploiting the vulnerability to drop Web shells and cryptominers, security vendor says.
‼ CVE-2021-44082 ‼
📖 Read
via "National Vulnerability Database".
textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-24771 ‼
📖 Read
via "National Vulnerability Database".
Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-24769 ‼
📖 Read
via "National Vulnerability Database".
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26244 ‼
📖 Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "special" field.📖 Read
via "National Vulnerability Database".