βΌ CVE-2022-1381 βΌ
π Read
via "National Vulnerability Database".
global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote executionπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1383 βΌ
π Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.8. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1382 βΌ
π Read
via "National Vulnerability Database".
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of making the radare2 crash, thus affecting the availability of the system.π Read
via "National Vulnerability Database".
ποΈ XSS vulnerability in open source tool PrivateBin patched ποΈ
π Read
via "The Daily Swig".
Flaw allowed malicious JavaScript to be embedded in an SVG fileπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
XSS vulnerability in open source tool PrivateBin patched
Flaw allowed malicious JavaScript to be embedded in an SVG file
β Cyberattackers Put the Pedal to the Medal: Podcast β
π Read
via "Threat Post".
Fortinet's Derek Manky discusses the exponential increase in the speed that attackers weaponize fresh vulnerabilities, where botnets and offensive automation fit in, and the ramifications for security teams.π Read
via "Threat Post".
π΄ Strength in Unity: Why It's Especially Important to Strengthen Your Supply Chain Now π΄
π Read
via "Dark Reading".
The ongoing war in Ukraine means that defenses are only as good and as strong as those with whom we partner.π Read
via "Dark Reading".
Dark Reading
Strength in Unity: Why It's Especially Important to Strengthen Your Supply Chain Now
The ongoing war in Ukraine means that defenses are only as good and as strong as those with whom we partner.
π1
βΌ CVE-2022-28810 βΌ
π Read
via "National Vulnerability Database".
Zoho ManageEngine ADSelfService Plus before 6122 allows an authenticated user to achieve remote code execution via executable CMD.EXE input in a password field, This only occurs if a certain password sync feature is enabled that uses passwords as script arguments.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27908 βΌ
π Read
via "National Vulnerability Database".
Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module.π Read
via "National Vulnerability Database".
π1
π AIEngine 2.1.0 π
π Read
via "Packet Storm Security".
AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.π Read
via "Packet Storm Security".
Packetstormsecurity
AIEngine 2.1.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2022-26631 βΌ
π Read
via "National Vulnerability Database".
Automatic Question Paper Generator v1.0 contains a Time-Based Blind SQL injection vulnerability via the id GET parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26665 βΌ
π Read
via "National Vulnerability Database".
An Insecure Direct Object Reference issue exists in the Tyler Odyssey platform before 17.1.20. This may allow an external party to access sensitive case records.π Read
via "National Vulnerability Database".
π΄ Name That Toon: Helping Hands π΄
π Read
via "Dark Reading".
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.π Read
via "Dark Reading".
Dark Reading
Name That Toon: Helping Hands
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
βΌ CVE-2020-28607 βΌ
π Read
via "National Vulnerability Database".
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() set_halfedge().π Read
via "National Vulnerability Database".
βΌ CVE-2020-28634 βΌ
π Read
via "National Vulnerability Database".
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->next().π Read
via "National Vulnerability Database".
βΌ CVE-2020-13567 βΌ
π Read
via "National Vulnerability Database".
Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2020-28622 βΌ
π Read
via "National Vulnerability Database".
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->incident_sface().π Read
via "National Vulnerability Database".
π1
βΌ CVE-2020-25163 βΌ
π Read
via "National Vulnerability Database".
A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. This vulnerability affects PI System data and other data accessible with victimΓ’β¬β’s user permissions.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28633 βΌ
π Read
via "National Vulnerability Database".
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->prev().π Read
via "National Vulnerability Database".
βΌ CVE-2021-23284 βΌ
π Read
via "National Vulnerability Database".
Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to Stored Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior versions.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28602 βΌ
π Read
via "National Vulnerability Database".
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_vertex() Halfedge_of[].π Read
via "National Vulnerability Database".
βΌ CVE-2022-27529 βΌ
π Read
via "National Vulnerability Database".
A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary code.π Read
via "National Vulnerability Database".