‼ CVE-2022-23796 ‼
An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields.
via "National Vulnerability Database".
‼ CVE-2021-39765 ‼
In Gallery, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-201535427.
via "National Vulnerability Database".
‼ CVE-2021-39782 ‼
In Telephony, there is a possible unauthorized modification of the PLMN SIM file due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-202760015.
via "National Vulnerability Database".
‼ CVE-2022-27907 ‼
Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF.
via "National Vulnerability Database".
‼ CVE-2021-39761 ‼
In Media, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-179783181.
via "National Vulnerability Database".
‼ CVE-2021-39783 ‼
In rcsservice, there is a possible way to modify TTY mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-197960597.
via "National Vulnerability Database".
‼ CVE-2021-39780 ‼
In Traceur, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-204992293.
via "National Vulnerability Database".
‼ CVE-2021-39773 ‼
In VpnManagerService, there is a possible disclosure of installed VPN packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-191276656.
via "National Vulnerability Database".
‼ CVE-2022-23795 ‼
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism, which could under very special circumstances allow an account takeover.
via "National Vulnerability Database".
❌ Critical RCE Bug in Spring Could Be the Next Log4Shell, Researchers Warn ❌
The so-called 'Spring4Shell' bug has cropped up, so to speak, and could be lurking in literally millions of Java applications.
via "Threat Post".
‼ CVE-2021-39790 ‼
In Dialer, there is a possible way to manipulate visual voicemail settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-186405146.
via "National Vulnerability Database".
‼ CVE-2022-24135 ‼
QingScan 1.3.0 is affected by a Cross Site Scripting (XSS) vulnerability in all search functions.
via "National Vulnerability Database".
‼ CVE-2022-24132 ‼
phpshe V1.8 is affected by a denial of service (DoS) attack in the registry's verification code, which can paralyze the target service.
via "National Vulnerability Database".
‼ CVE-2022-28223 ‼
Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin.
via "National Vulnerability Database".
‼ CVE-2022-27772 ‼
** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to version v2.2.11.RELEASE were vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer.
via "National Vulnerability Database".
‼ CVE-2022-1160 ‼
Heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.
via "National Vulnerability Database".
🕴 CISA, DOE Warn of Attacks on Uninterruptible Power Supply (UPS) Devices 🕴
Take UPS management interfaces off the Internet "immediately," agencies say.
via "Dark Reading".
‼ CVE-2019-12266 ‼
Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47; Wyze Cam v2 versions prior to 4.9.8.1002; Wyze Cam v3 versions prior to 4.36.8.32.
via "National Vulnerability Database".
‼ CVE-2021-40645 ‼
An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter of the getHaveDoneTaskDataList method of the FlowTaskController.
via "National Vulnerability Database".
‼ CVE-2021-40644 ‼
An SQL Injection vulnerability exists in oasys oa_system as of 9/7/2021 in resources/mappers/notice-mapper.xml.
via "National Vulnerability Database".
‼ CVE-2022-24763 ‼
PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known workarounds.
via "National Vulnerability Database".