โผ CVE-2022-27830 โผ
๐ Read
via "National Vulnerability Database".
Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-27567 โผ
๐ Read
via "National Vulnerability Database".
Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attackers.๐ Read
via "National Vulnerability Database".
๐ด Former DHS Acting IT Chief Convicted in Software, Database Theft Scheme ๐ด
๐ Read
via "Dark Reading".
Former DHS employees targeted confidential, proprietary software and personally identifying information (PII) for hundreds of thousands of federal employees.๐ Read
via "Dark Reading".
Dark Reading
Former DHS Acting IT Chief Convicted in Software, Database Theft Scheme
Former DHS employees targeted confidential, proprietary software and personally identifying information (PII) for hundreds of thousands of federal employees.
โผ CVE-2022-27528 โผ
๐ Read
via "National Vulnerability Database".
A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-24837 โผ
๐ Read
via "National Vulnerability Database".
HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes and affects all upload backends, except Lutim and imgur. This issue is patched in version 1.9.3 by replacing the filename generation with UUIDv4. If you cannot upgrade to HedgeDoc 1.9.3, it is possible to block POST requests to `/uploadimage`, which will disable future uploads.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-27577 โผ
๐ Read
via "National Vulnerability Database".
The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-27840 โผ
๐ Read
via "National Vulnerability Database".
Improper access control vulnerability in SamsungRecovery prior to version 8.1.43.0 allows local attckers to delete arbitrary files as SamsungRecovery permission.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-24829 โผ
๐ Read
via "National Vulnerability Database".
Garden is an automation platform for Kubernetes development and testing. In versions prior to 0.12.39 multiple endpoints did not require authentication. In some operating modes this allows for an attacker to gain access to the application erroneously. The configuration is leaked through the /api endpoint on the local server that is responsible for serving the Garden dashboard. At the moment, this server is accessible to 0.0.0.0 which makes it accessible to anyone on the same network (or anyone on the internet if they are on a public, static IP). This may lead to the ability to compromise credentials, secrets or environment variables. Users are advised to upgrade to version 0.12.39 as soon as possible. Users unable to upgrade should use a firewall blocking access to port 9777 from all untrusted network machines.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-27824 โผ
๐ Read
via "National Vulnerability Database".
Improper size check of in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file๐ Read
via "National Vulnerability Database".
โผ CVE-2022-1193 โผ
๐ Read
via "National Vulnerability Database".
Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 10.8 prior to 14.8.5, and 10.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances๐ Read
via "National Vulnerability Database".
โผ CVE-2022-20069 โผ
๐ Read
via "National Vulnerability Database".
In preloader (usb), there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160425; Issue ID: ALPS06160425.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-1161 โผ
๐ Read
via "National Vulnerability Database".
An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-26099 โผ
๐ Read
via "National Vulnerability Database".
Null pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds read by remote attackers.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-28776 โผ
๐ Read
via "National Vulnerability Database".
Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-27841 โผ
๐ Read
via "National Vulnerability Database".
Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication๐ Read
via "National Vulnerability Database".
โผ CVE-2022-27833 โผ
๐ Read
via "National Vulnerability Database".
Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-27821 โผ
๐ Read
via "National Vulnerability Database".
Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image file.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-28779 โผ
๐ Read
via "National Vulnerability Database".
Uncontrolled search path element vulnerability in Samsung Android USB Driver windows installer program prior to version 1.7.50 allows attacker to execute arbitrary code.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-27844 โผ
๐ Read
via "National Vulnerability Database".
Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging รขโฌโ WPvivid (WordPress plugin) versions <= 0.9.70๐ Read
via "National Vulnerability Database".
โผ CVE-2022-27574 โผ
๐ Read
via "National Vulnerability Database".
Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-27568 โผ
๐ Read
via "National Vulnerability Database".
Heap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.๐ Read
via "National Vulnerability Database".