CVE-2022-26819
via "National Vulnerability Database".
Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829.
CVE-2022-28113
via "National Vulnerability Database".
An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows attackers to write files and reset the user passwords without having a valid session cookie.
CVE-2021-44486
via "National Vulnerability Database".
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can manipulate the value of a function pointer used in op_write in sr_port/op_write.c in order to gain control of the flow of execution.
CVE-2022-26917
via "National Vulnerability Database".
Windows Fax Compose Form Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26916, CVE-2022-26918.
CVE-2022-24479
via "National Vulnerability Database".
Connected User Experiences and Telemetry Elevation of Privilege Vulnerability.
CVE-2021-44497
via "National Vulnerability Database".
An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause the bounds of a for loop to be miscalculated, which leads to a use-after-free condition in which a pointer is pushed into previously freed memory by the loop.
CVE-2022-24481
via "National Vulnerability Database".
Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24521.
CVE-2022-21983
via "National Vulnerability Database".
Win32 Stream Enumeration Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24534.
CVE-2021-44482
via "National Vulnerability Database".
An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of input validation in calls to do_verify in sr_unix/do_verify.c allows attackers to attempt to jump to a NULL pointer by corrupting a function pointer.
CVE-2022-26811
via "National Vulnerability Database".
Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829.
Friday Five 4/15
Digital Guardian
In this week's Friday Five, catch up on the latest attacks from Russian and North Korean hackers, a shocking report on businesses' willingness to prioritize security, why consumers are caring less about their own security, and more!
CVE-2022-27427
via "National Vulnerability Database".
A zero-code remote code injection vulnerability via configuration.php in Chamilo LMS v1.11.13 allows attackers to upload arbitrary code in the form of a new plugin.
CVE-2022-29072
via "National Vulnerability Database".
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.
CVE-2022-27423
via "National Vulnerability Database".
Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php.
CVE-2022-27426
via "National Vulnerability Database".
A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file.
CVE-2022-27422
via "National Vulnerability Database".
A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL.
CVE-2022-24279
via "National Vulnerability Database".
The package madlib-object-utils before 0.1.8 is vulnerable to Prototype Pollution via the setValue method, as it allows an attacker to merge object prototypes into it. *Note:* This vulnerability derives from an incomplete fix of [CVE-2020-7701](https://security.snyk.io/vuln/SNYK-JS-MADLIBOBJECTUTILS-598676).
CVE-2022-27425
via "National Vulnerability Database".
Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php.
CVE-2022-27421
via "National Vulnerability Database".
Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin.
CVE-2022-29281
via "National Vulnerability Database".
Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program (or theft of NTLM credentials via an SMB relay attack, because the application resolves UNC paths).
Google Emergency Update Fixes Chrome Zero-Day
via "Dark Reading".
Google patches a critical flaw in its Chrome browser, bringing its count of zero-day vulnerabilities fixed in 2022 to four.