‼ CVE-2022-22774 ‼
📖 Read
via "National Vulnerability Database".
The DOM XML parser and SAX XML parser components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Internet Server, and TIBCO Managed File Transfer Internet Server contain an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute XML External Entity (XXE) attacks on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.3.1 and below, TIBCO Managed File Transfer Command Center: versions 8.4.0 and 8.4.1, TIBCO Managed File Transfer Internet Server: versions 8.3.1 and below, and TIBCO Managed File Transfer Internet Server: versions 8.4.0 and 8.4.1.
‼ CVE-2022-1649 ‼
📖 Read
via "National Vulnerability Database".
Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in GitHub repository radareorg/radare2 prior to 5.7.0. It is likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/476.html).
‼ CVE-2022-22454 ‼
📖 Read
via "National Vulnerability Database".
IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
🕴 US Pledges to Help Ukraine Keep the Internet and Lights On 🕴
📖 Read
via "Dark Reading".
US State Department outlines coordinated government effort to provide Ukraine with cybersecurity intelligence, expertise, and resources amid invasion.
‼ CVE-2022-24466 ‼
📖 Read
via "National Vulnerability Database".
Windows Hyper-V Security Feature Bypass Vulnerability.
‼ CVE-2022-20006 ‼
📖 Read
via "National Vulnerability Database".
In several functions of KeyguardServiceWrapper.java and related files, there is a possible way to briefly view what's under the lockscreen due to a race condition. This could lead to local escalation of privilege if a Guest user is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-151095871
‼ CVE-2022-1453 ‼
📖 Read
via "National Vulnerability Database".
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.5.
‼ CVE-2022-29129 ‼
📖 Read
via "National Vulnerability Database".
Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.
‼ CVE-2022-20115 ‼
📖 Read
via "National Vulnerability Database".
In broadcastServiceStateChanged of TelephonyRegistry.java, there is a possible way to learn base station information without location permission due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-210118427
‼ CVE-2022-20008 ‼
📖 Read
via "National Vulnerability Database".
In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-216481035. References: Upstream kernel
‼ CVE-2022-26930 ‼
📖 Read
via "National Vulnerability Database".
Windows Remote Access Connection Manager Information Disclosure Vulnerability.
‼ CVE-2022-1442 ‼
📖 Read
via "National Vulnerability Database".
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3.
‼ CVE-2022-20004 ‼
📖 Read
via "National Vulnerability Database".
In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-179699767
‼ CVE-2022-20009 ‼
📖 Read
via "National Vulnerability Database".
In various functions of the USB gadget subsystem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-213172319. References: Upstream kernel
‼ CVE-2021-39670 ‼
📖 Read
via "National Vulnerability Database".
In setStream of WallpaperManager.java, there is a possible way to cause a permanent DoS due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-204087139
‼ CVE-2022-23270 ‼
📖 Read
via "National Vulnerability Database".
Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21972.
‼ CVE-2022-29131 ‼
📖 Read
via "National Vulnerability Database".
Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.
‼ CVE-2022-20005 ‼
📖 Read
via "National Vulnerability Database".
In validateApkInstallLocked of PackageInstallerSession.java, there is a way to force a mismatch between running code and a parsed APK. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-219044664
‼ CVE-2022-26927 ‼
📖 Read
via "National Vulnerability Database".
Windows Graphics Component Remote Code Execution Vulnerability.
‼ CVE-2022-29115 ‼
📖 Read
via "National Vulnerability Database".
Windows Fax Service Remote Code Execution Vulnerability.
‼ CVE-2022-29127 ‼
📖 Read
via "National Vulnerability Database".
BitLocker Security Feature Bypass Vulnerability.