‼ CVE-2022-24440 ‼
The package cocoapods-downloader before 1.6.0, and from 1.6.2 before 1.6.3, is vulnerable to command injection via git argument injection. When the Pod::Downloader.preprocess_options function is called and git is used, both the git and branch parameters are passed to the git ls-remote subcommand in a way that allows additional flags to be set. Those additional flags can be used to perform a command injection.
via "National Vulnerability Database".
‼ CVE-2022-1207 ‼
Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary.
via "National Vulnerability Database".
‼ CVE-2022-23158 ‼
Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with standard privileges could potentially exploit this vulnerability by providing incorrect port information in order to get connected to a valid WMS server.
via "National Vulnerability Database".
‼ CVE-2022-23157 ‼
Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. An authenticated malicious user could potentially exploit this vulnerability in order to view sensitive information from the WMS Server.
via "National Vulnerability Database".
‼ CVE-2022-24426 ‼
Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.
via "National Vulnerability Database".
‼ CVE-2022-26562 ‼
provider/libserver/ECKrbAuth.cpp in Kopano-Core v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password has expired.
via "National Vulnerability Database".
‼ CVE-2022-23156 ‼
Wyse Device Agent version 14.6.1.4 and below contain an Improper Authentication vulnerability. A malicious user could potentially exploit this vulnerability by providing invalid input in order to obtain a connection to the WMS server.
via "National Vulnerability Database".
‼ CVE-2022-23155 ‼
Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. A malicious user with admin privileges can exploit this vulnerability in order to execute arbitrary code on the system.
via "National Vulnerability Database".
‼ CVE-2022-24066 ‼
The package simple-git before 3.5.0 is vulnerable to Command Injection due to an incomplete fix of [CVE-2022-24433](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199), which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover.
via "National Vulnerability Database".
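Both CVE-2022-24440 (cocoapods-downloader) and CVE-2022-24066 (simple-git) are the same bug class: a caller-controlled repository URL or ref name that begins with "-" is consumed by git's own option parser, and an option such as --upload-pack=<program> makes git run <program>. The following is an added example, not code from either project, showing the unsafe argv construction next to a hardened builder; the URL, ref and function names are constructed for the demonstration.

```python
from __future__ import annotations

# Constructed sample inputs for the demonstration (not taken from either advisory).
REPO_URL = "https://example.invalid/org/repo.git"
INJECTED_REF = "--upload-pack=echo pwned"  # git would run "echo pwned" instead of contacting the remote


def vulnerable_ls_remote_argv(url: str, ref: str) -> list:
    """The pattern the advisories describe: caller-controlled values are
    appended to git's argv with nothing stopping git's option parser."""
    return ["git", "ls-remote", url, ref]


def git_options_in(argv: list) -> list:
    """Return the entries after the subcommand that git's option parser would
    treat as options rather than positional arguments. Parsing stops at '--'."""
    found = []
    for arg in argv[2:]:  # argv[0] == "git", argv[1] == subcommand
        if arg == "--":
            break  # end of options: everything after this is positional
        if arg.startswith("-"):
            found.append(arg)
    return found


def hardened_git_argv(subcommand: str, *positionals: str, options: tuple = ()) -> list:
    """Build argv so untrusted values can never be parsed as git options.

    Two independent defences: reject anything starting with '-' outright,
    and place '--' before the positionals so git stops option parsing even
    for a value the first check did not anticipate. `options` holds flags
    chosen by the program itself, never by the caller."""
    for value in positionals:
        if value.startswith("-"):
            raise ValueError(f"refusing value git would parse as an option: {value!r}")
    return ["git", subcommand, *options, "--", *positionals]


if __name__ == "__main__":
    bad = vulnerable_ls_remote_argv(REPO_URL, INJECTED_REF)
    print("vulnerable argv:", bad, "-> injected options:", git_options_in(bad))
    print("hardened argv:  ", hardened_git_argv("clone", REPO_URL, "dest", options=("--depth", "1")))
```

Passing argv as a list to subprocess.run without shell=True does not help against this class: the injection is into git's option parser, not into a shell. git clone documents the "--" separator in its synopsis; the leading-dash rejection covers subcommands where you are less sure "--" is honoured.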
🕴 Apple's Zero-Day Woes Continue 🕴
Two new bugs in macOS and iOS disclosed this week add to the growing list of zero-days the company has rushed to patch over the past year.
via "Dark Reading".
‼ CVE-2022-22963 ‼
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
via "National Vulnerability Database".
‼ CVE-2022-27177 ‼
A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2.
via "National Vulnerability Database".
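The advisory above does not say which template ConsoleMe exposed, so the following is an added illustration of the bug class rather than ConsoleMe's code: when the format string itself comes from the request, str.format lets the caller walk attributes and index lookups on every object passed to it, which is how "private" settings and module globals leak. The class names, secret values and render_* functions are constructed for the example; the hardened renderer allow-lists bare field names and rejects nested replacement fields in the format spec.

```python
import re
import string

API_SECRET = "sk-constructed-example-secret"  # constructed module-level secret for the demo


class Settings:
    def __init__(self):
        self.db_password = "hunter2"  # constructed sample value


class User:
    def __init__(self, name: str, settings: Settings):
        self.name = name
        self._settings = settings  # private by convention only; still reachable by attribute walk


def render_vulnerable(template: str, user: User) -> str:
    """The dangerous pattern: the *template* comes from the request, so the
    caller decides which fields are expanded. str.format resolves dotted
    attribute chains and [key] lookups on the objects it is given."""
    return template.format(user=user)


_IDENTIFIER = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def render_safe(template: str, **allowed) -> str:
    """Expand only bare, allow-listed names.

    Rejects attribute/index walks in the field name, any nested replacement
    field inside the format spec ("{x:{y.attr}}" is expanded by str.format
    too), and conversions other than !s, before handing over to str.format."""
    for _literal, field, spec, conversion in string.Formatter().parse(template):
        if field is None:
            continue  # trailing literal text, nothing to expand
        if not _IDENTIFIER.match(field) or field not in allowed:
            raise ValueError(f"disallowed field: {field!r}")
        if spec and "{" in spec:
            raise ValueError(f"nested replacement field in format spec: {spec!r}")
        if conversion not in (None, "s"):
            raise ValueError(f"disallowed conversion: {conversion!r}")
    return template.format(**allowed)


if __name__ == "__main__":
    user = User("alice", Settings())
    print(render_vulnerable("{user._settings.db_password}", user))
    print(render_vulnerable("{user.__class__.__init__.__globals__[API_SECRET]}", user))
    print(render_safe("Hello {name}", name=user.name))
```

The second vulnerable call shows why passing "only harmless objects" is not a fix: any plain function reachable from the object carries __globals__, which is the whole module namespace. If the template must be user-supplied, validate it as above or switch to string.Template, which performs no attribute or index access at all.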
‼ CVE-2022-25156 ‼
Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to log in to the product by using a password reversed from a previously eavesdropped password hash.
via "National Vulnerability Database".
‼ CVE-2022-1098 ‼
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) is vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability (item 4.2.2 of the source advisory), this makes it possible for an attacker to escalate privileges.
via "National Vulnerability Database".
‼ CVE-2022-26417 ‼
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code.
via "National Vulnerability Database".
‼ CVE-2022-0489 ‼
An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15. It was possible to trigger a denial of service (DoS) by using the math feature with a specific formula in issue comments.
via "National Vulnerability Database".
‼ CVE-2022-25959 ‼
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code.
via "National Vulnerability Database".
‼ CVE-2022-22950 ‼
In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
via "National Vulnerability Database".
‼ CVE-2022-1068 ‼
Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to a stack-based buffer overflow in the registration field. This may cause the program to crash when a long character string is used.
via "National Vulnerability Database".
‼ CVE-2021-26624 ‼
A local privilege escalation vulnerability exists in eScan Anti-Virus due to the "runasroot" command. It is caused by invalid arguments and insufficient execution conditions for the "runasroot" command, and allows an attacker to obtain root privileges by manipulating parameter values.
via "National Vulnerability Database".
‼ CVE-2019-14839 ‼
While logging into the Business Central console, the HTTP request discloses sensitive information such as the username and password when intercepted with a tool such as Burp Suite.
via "National Vulnerability Database".