‼ CVE-2021-39780 ‼
📖 Read
via "National Vulnerability Database".
In Traceur, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-204992293📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39773 ‼
📖 Read
via "National Vulnerability Database".
In VpnManagerService, there is a possible disclosure of installed VPN packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-191276656📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23795 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover.📖 Read
via "National Vulnerability Database".
❌ Critical RCE Bug in Spring Could Be the Next Log4Shell, Researchers Warn ❌
📖 Read
via "Threat Post".
The so-called 'Spring4Shell' bug has cropped up, so to speak, and could be lurking in literally millions of Java applications.📖 Read
via "Threat Post".
Threat Post
RCE Bug in Spring Cloud Could Be the Next Log4Shell, Researchers Warn
The security bug could crop up, so to speak, in any number of Java applications.
‼ CVE-2021-39790 ‼
📖 Read
via "National Vulnerability Database".
In Dialer, there is a possible way to manipulate visual voicemail settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-186405146📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24135 ‼
📖 Read
via "National Vulnerability Database".
QingScan 1.3.0 is affected by Cross Site Scripting (XSS) vulnerability in all search functions.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24132 ‼
📖 Read
via "National Vulnerability Database".
phpshe V1.8 is affected by a denial of service (DoS) attack in the registry's verification code, which can paralyze the target service.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28223 ‼
📖 Read
via "National Vulnerability Database".
Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27772 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1160 ‼
📖 Read
via "National Vulnerability Database".
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.📖 Read
via "National Vulnerability Database".
🕴 CISA, DOE Warn of Attacks on Uninterruptible Power Supply (UPS) Devices 🕴
📖 Read
via "Dark Reading".
Take UPS management interfaces off the Internet "immediately," agencies say.📖 Read
via "Dark Reading".
Dark Reading
CISA, DOE Warn of Attacks on Uninterruptible Power Supply (UPS) Devices
Take UPS management interfaces off the Internet "immediately," agencies say.
‼ CVE-2019-12266 ‼
📖 Read
via "National Vulnerability Database".
Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40645 ‼
📖 Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40644 ‼
📖 Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in oasys oa_system as of 9/7/2021 in resources/mappers/notice-mapper.xml.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24763 ‼
📖 Read
via "National Vulnerability Database".
PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known workarounds.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-9564 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45031 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords.📖 Read
via "National Vulnerability Database".
🕴 Zero-Day Vulnerability Discovered in Java Spring Framework 🕴
📖 Read
via "Dark Reading".
A proof-of-concept exploit allows remote compromises of Spring Web applications.📖 Read
via "Dark Reading".
Dark Reading
Zero-Day Vulnerability Discovered in Java Spring Framework
A proof-of-concept exploit allows remote compromises of Spring Web applications.
‼ CVE-2022-24790 ‼
📖 Read
via "National Vulnerability Database".
Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46008 ‼
📖 Read
via "National Vulnerability Database".
In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet is function turned on.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46010 ‼
📖 Read
via "National Vulnerability Database".
Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSION_ID is predictable. An attacker can hijack a valid session and conduct further malicious operations.📖 Read
via "National Vulnerability Database".