‼ CVE-2022-28994 ‼
via "National Vulnerability Database".
Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via long GET request.
‼ CVE-2022-1249 ‼
via "National Vulnerability Database".
A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign.
‼ CVE-2022-29451 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory.
‼ CVE-2022-1195 ‼
via "National Vulnerability Database".
A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DoS) when the mkiss or sixpack device is detached and resources are reclaimed early.
‼ CVE-2021-4207 ‼
via "National Vulnerability Database".
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
‼ CVE-2022-0984 ‼
via "National Vulnerability Database".
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.
‼ CVE-2022-29856 ‼
via "National Vulnerability Database".
A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages.
‼ CVE-2022-1048 ‼
via "National Vulnerability Database".
A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.
‼ CVE-2021-3982 ‼
via "National Vulnerability Database".
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine.
‼ CVE-2022-1015 ‼
via "National Vulnerability Database".
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.
‼ CVE-2022-29934 ‼
via "National Vulnerability Database".
USU Oracle Optimization before 5.17.5 lacks Polkit authentication, which allows smartcollector users to achieve root access via pkexec. NOTE: this is not an Oracle Corporation product.
‼ CVE-2022-0985 ‼
via "National Vulnerability Database".
Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability.
‼ CVE-2022-1402 ‼
via "National Vulnerability Database".
ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition.
‼ CVE-2021-4206 ‼
via "National Vulnerability Database".
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
‼ CVE-2022-1403 ‼
via "National Vulnerability Database".
ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds write condition.
‼ CVE-2021-43938 ‼
via "National Vulnerability Database".
Elcomplus SmartPTT SCADA Server is vulnerable: an unauthenticated user can request various files from the server without any authentication or authorization.
‼ CVE-2021-36207 ‼
via "National Vulnerability Database".
Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator.
🔴 Cloudflare Flags Largest HTTPS DDoS Attack It's Ever Recorded 🔴
via "Dark Reading".
The scale of this month's encrypted DDoS attack over HTTPS suggests a well-resourced operation, analysts say.
‼ CVE-2022-1543 ‼
via "National Vulnerability Database".
Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server.
🔴 Critical Vulnerabilities Leave Some Network-Attached Storage Devices Open to Attack 🔴
via "Dark Reading".
QNAP and Synology say flaws in the Netatalk fileserver allow remote code execution and information disclosure.
‼ CVE-2022-25854 ‼
via "National Vulnerability Database".
This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload.