‼ CVE-2022-1122 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-22948 ‼
📖 Read
via "National Vulnerability Database".
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43109 ‼
📖 Read
via "National Vulnerability Database".
An SQL Injection vulnerability exits in PuneethReddyHC online-shopping-system as of 11/01/2021 via the p parameter in product.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43110 ‼
📖 Read
via "National Vulnerability Database".
An Access Conrol vulnerability exists in PuneethReddyHC online-shopping-system as of 11/01/2021 in add_products.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42970 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ content parameter.📖 Read
via "National Vulnerability Database".
❌ Log4JShell Used to Swarm VMware Servers with Miners, Backdoors ❌
📖 Read
via "Threat Post".
Researchers have found three backdoors and four miners in attacks exploiting the Log4Shell vulnerability, some of which are still ongoing.📖 Read
via "Threat Post".
Threat Post
Log4JShell Used to Swarm VMware Servers with Miners, Backdoors
Researchers have found three backdoors and four miners in attacks exploiting the Log4Shell vulnerability, some of which are still ongoing.
🕴 Private Equity Firm Led by Mnuchin Acquires Mobile Security Vendor Zimperium 🕴
📖 Read
via "Dark Reading".
Liberty Strategic Capital to pay $525 million for mobile security vendor.📖 Read
via "Dark Reading".
Dark Reading
Private Equity Firm Led by Mnuchin Acquires Mobile Security Vendor Zimperium
Liberty Strategic Capital to pay $525 million for mobile security vendor.
‼ CVE-2021-43118 ‼
📖 Read
via "National Vulnerability Database".
A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malicious user execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21821 ‼
📖 Read
via "National Vulnerability Database".
NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump.To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted file and locally execute cuobjdump against the file. Such an attack may lead to remote code execution that causes complete denial of service and an impact on data confidentiality and integrity.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26871 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42911 ‼
📖 Read
via "National Vulnerability Database".
A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code.📖 Read
via "National Vulnerability Database".
🕴 Log4j Attacks Continue Unabated Against VMware Horizon Servers 🕴
📖 Read
via "Dark Reading".
Threat actors are exploiting the vulnerability to drop Web shells and cryptominers, security vendor says.📖 Read
via "Dark Reading".
Dark Reading
Log4j Attacks Continue Unabated Against VMware Horizon Servers
Threat actors are exploiting the vulnerability to drop Web shells and cryptominers, security vendor says.
‼ CVE-2021-44082 ‼
📖 Read
via "National Vulnerability Database".
textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-24771 ‼
📖 Read
via "National Vulnerability Database".
Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-24769 ‼
📖 Read
via "National Vulnerability Database".
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26244 ‼
📖 Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "special" field.📖 Read
via "National Vulnerability Database".
‼ CVE-2015-3298 ‼
📖 Read
via "National Vulnerability Database".
Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26947 ‼
📖 Read
via "National Vulnerability Database".
Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and gets executed by the web browser in the context of the vulnerable web application.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26948 ‼
📖 Read
via "National Vulnerability Database".
The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. A malicious attacker may obtain access to credential information to use it in further attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26949 ‼
📖 Read
via "National Vulnerability Database".
Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments. A remote authenticated malicious user could potentially exploit this vulnerability to gain access to files that should only be allowed by extra privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24693 ‼
📖 Read
via "National Vulnerability Database".
Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)📖 Read
via "National Vulnerability Database".