‼ CVE-2022-28906 ‼
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg.
via "National Vulnerability Database".
‼ CVE-2022-26988 ‼
TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MntAte` function. Local users could get remote code execution.
via "National Vulnerability Database".
‼ CVE-2022-28915 ‼
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm.
via "National Vulnerability Database".
‼ CVE-2022-29323 ‼
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment.
via "National Vulnerability Database".
‼ CVE-2022-29328 ‼
D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack overflow via the function checkvalidupgrade.
via "National Vulnerability Database".
‼ CVE-2022-29321 ‼
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan.
via "National Vulnerability Database".
‼ CVE-2022-29324 ‼
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd.
via "National Vulnerability Database".
Colonial Pipeline facing $1,000,000 fine for poor recovery plans
How good is your cybersecurity? Are you making the same mistakes as lots of other people? Here's some real-life advice...
via "Naked Security".
Lincoln College Set to Close After Crippling Cyberattack
COVID-19 and a December 2021 cyberattack combined to put the future of Abraham Lincoln's namesake college in peril.
via "Dark Reading".
‼ CVE-2021-39024 ‼
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213862.
via "National Vulnerability Database".
‼ CVE-2022-22774 ‼
The DOM XML parser and SAX XML parser components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Internet Server, and TIBCO Managed File Transfer Internet Server contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute XML External Entity (XXE) attacks on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.3.1 and below, TIBCO Managed File Transfer Command Center: versions 8.4.0 and 8.4.1, TIBCO Managed File Transfer Internet Server: versions 8.3.1 and below, and TIBCO Managed File Transfer Internet Server: versions 8.4.0 and 8.4.1.
via "National Vulnerability Database".
‼ CVE-2022-1649 ‼
Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in GitHub repository radareorg/radare2 prior to 5.7.0. It is likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/476.html).
via "National Vulnerability Database".
‼ CVE-2022-22454 ‼
IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
via "National Vulnerability Database".
US Pledges to Help Ukraine Keep the Internet and Lights On
US State Department outlines coordinated government effort to provide Ukraine with cybersecurity intelligence, expertise, and resources amid invasion.
via "Dark Reading".
‼ CVE-2022-24466 ‼
Windows Hyper-V Security Feature Bypass Vulnerability.
via "National Vulnerability Database".
‼ CVE-2022-20006 ‼
In several functions of KeyguardServiceWrapper.java and related files, there is a possible way to briefly view what's under the lockscreen due to a race condition. This could lead to local escalation of privilege if a Guest user is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-151095871
via "National Vulnerability Database".
‼ CVE-2022-1453 ‼
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.5.
via "National Vulnerability Database".
‼ CVE-2022-29129 ‼
Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.
via "National Vulnerability Database".
‼ CVE-2022-20115 ‼
In broadcastServiceStateChanged of TelephonyRegistry.java, there is a possible way to learn base station information without location permission due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-210118427
via "National Vulnerability Database".
‼ CVE-2022-20008 ‼
In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-216481035. References: Upstream kernel
via "National Vulnerability Database".
‼ CVE-2022-26930 ‼
Windows Remote Access Connection Manager Information Disclosure Vulnerability.
via "National Vulnerability Database".