‼ CVE-2021-43154 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24847 ‼
📖 Read
via "National Vulnerability Database".
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota mechanism. In order to perform any of the above changes, the attack needs to have obtained admin rights and use either the GeoServer GUI, or its REST API. The lookups are going to be restricted in GeoServer 2.21.0, 2.20.4, 1.19.6. Users unable to upgrade should restrict access to the `geoserver/web` and `geoserver/rest` via a firewall and ensure that the GeoWebCache is not remotely accessible.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24843 ‼
📖 Read
via "National Vulnerability Database".
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin 2.50 has arbitrary file read vulnerability due to a lack of parameter validation. This has been resolved in version 2.5.1. There are no known workarounds for this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1350 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in Ghostscript 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. It is recommended to apply the patches to fix this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1279 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the encryption implementation of EBICS messages in the open source librairy ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. This issue affects: ebics-java/ebics-java-client versions prior to 1.2.📖 Read
via "National Vulnerability Database".
👍2
⚠ US cryptocurrency coder gets 5 years for North Korea sanctions busting ⚠
📖 Read
via "Naked Security".
Cryptocurrency expert didn't take "No" for an answer when the US authorities said he couldn't pursue cryptocoin opps in North Korea.📖 Read
via "Naked Security".
Naked Security
US cryptocurrency coder gets 5 years for North Korea sanctions busting
Cryptocurrency expert didn’t take “No” for an answer when the US authorities said he couldn’t pursue cryptocoin opps in North Korea.
🤔1
⚠ S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution [Podcast] ⚠
📖 Read
via "Naked Security".
Latest episode - listen now!📖 Read
via "Naked Security".
Naked Security
S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution [Podcast]
Latest episode – listen now!
👍1
‼ CVE-2022-27445 ‼
📖 Read
via "National Vulnerability Database".
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43289 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27451 ‼
📖 Read
via "National Vulnerability Database".
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-27452 ‼
📖 Read
via "National Vulnerability Database".
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27446 ‼
📖 Read
via "National Vulnerability Database".
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27457 ‼
📖 Read
via "National Vulnerability Database".
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26507 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828, CVE-2021-21829, or CVE-2021-21830. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43287 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to the GoCD server to unauthenticated attackers.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27448 ‼
📖 Read
via "National Vulnerability Database".
There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27456 ‼
📖 Read
via "National Vulnerability Database".
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43288 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27458 ‼
📖 Read
via "National Vulnerability Database".
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27444 ‼
📖 Read
via "National Vulnerability Database".
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43290 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename but the directory is placed inside of a directory that they can't control.📖 Read
via "National Vulnerability Database".