‼ CVE-2022-21210 ‼
📖 Read
via "National Vulnerability Database".
An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40424 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. The GetProcessCommandLine IOCTL request could cause an out-of-bounds read in the device driver WRCore_x64. An attacker can issue an ioctl to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21945 ‼
📖 Read
via "National Vulnerability Database".
Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. Placeholder📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21946 ‼
📖 Read
via "National Vulnerability Database".
Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. Placeholder📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21949 ‼
📖 Read
via "National Vulnerability Database".
An improper array index validation vulnerability exists in the JPEG-JFIF Scan header parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to an out-of-bounds write and potential code exectuion. An attacker can provide a malicious file to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40400 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a). A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40405 ‼
📖 Read
via "National Vulnerability Database".
A denial of service vulnerability exists in the cgiserver.cgi Upgrade API functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40398 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds write vulnerability exists in the parse_raster_data functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44355 ‼
📖 Read
via "National Vulnerability Database".
Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44366 ‼
📖 Read
via "National Vulnerability Database".
Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44356 ‼
📖 Read
via "National Vulnerability Database".
Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27848 ‼
📖 Read
via "National Vulnerability Database".
Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) <= 6.5.1📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21154 ‼
📖 Read
via "National Vulnerability Database".
An integer overflow vulnerability exists in the fltSaveCMP functionality of Leadtools 22. A specially-crafted BMP file can lead to an integer overflow, that in turn causes a buffer overflow. An attacker can provide a malicious BMP file to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22968 ‼
📖 Read
via "National Vulnerability Database".
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44394 ‼
📖 Read
via "National Vulnerability Database".
Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
🕴 greymatter.io Closes $7.1 Million Series A to Meet Rising Need for Its Enterprise Microservices Platform 🕴
📖 Read
via "Dark Reading".
Elsewhere Partners invests in proven service mesh and API management innovator as it grows team and breaks into new markets.📖 Read
via "Dark Reading".
Dark Reading
greymatter.io Closes $7.1 Million Series A to Meet Rising Need for Its Enterprise Microservices Platform
Elsewhere Partners invests in proven service mesh and API management innovator as it grows team and breaks into new markets.
🕴 Kaspersky Relocates Cyberthreat-Related Data Processing for Users in Latin America and Middle East to Switzerland 🕴
📖 Read
via "Dark Reading".
Also, it re-certifies its data services by TÜV AUSTRIA.📖 Read
via "Dark Reading".
Dark Reading
Kaspersky Relocates Cyberthreat-Related Data Processing for Users in Latin America and Middle East to Switzerland
Also, it re-certifies its data services by TÃœV AUSTRIA.
‼ CVE-2022-24853 ‼
📖 Read
via "National Vulnerability Database".
Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a case where a particularly crafted request could result in file access on windows, which allows enabling an `NTLM relay attack`, potentially allowing an attacker to receive the system password hash. If you use Windows and are on this version of Metabase, please upgrade immediately. The following patches (or greater versions) are available: 0.42.4 and 1.42.4, 0.41.7 and 1.41.7, 0.40.8 and 1.40.8.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24849 ‼
📖 Read
via "National Vulnerability Database".
DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two `RequireDisCatSharpDeveloperAttribute`s or the `BaseDiscordClient.LibraryDeveloperTeam` have potentially had their bot token sent to a web server not affiliated with Discord. This server is owned and operated by DisCatSharp's development team. The tokens were not logged, yet it is still advisable to reset the tokens of potentially affected bots. 9.9.1 has been released to patch the issue for the current stable release and the current 10.0.0 prereleases are also no longer affected. Users unable to upgrade should remove all uses of the two `RequireDisCatSharpDeveloperAttribute`s and all direct calls to `BaseDiscordClient.LibraryDeveloperTeam`.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24855 ‼
📖 Read
via "National Vulnerability Database".
Metabase is an open source business intelligence and analytics application. In affected versions Metabase ships with an internal development endpoint `/_internal` that can allow for cross site scripting (XSS) attacks, potentially leading to phishing attempts with malicious links that could lead to account takeover. Users are advised to either upgrade immediately, or block access in your firewall to `/_internal` endpoints for Metabase. The following patches (or greater versions) are available: 0.42.4 and 1.42.4, 0.41.7 and 1.41.7, 0.40.8 and 1.40.8.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24846 ‼
📖 Read
via "National Vulnerability Database".
GeoWebCache is a tile caching server implemented in Java. The GeoWebCache disk quota mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. While in GeoWebCache the JNDI strings are provided via local configuration file, in GeoServer a user interface is provided to perform the same, that can be accessed remotely, and requires admin-level login to be used. These lookup are unrestricted in scope and can lead to code execution. The lookups are going to be restricted in GeoWebCache 1.21.0, 1.20.2, 1.19.3.📖 Read
via "National Vulnerability Database".