CVE-2021-44167
An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links.
via "National Vulnerability Database".
CVE-2022-27656
The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
via "National Vulnerability Database".
CVE-2022-1622
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
via "National Vulnerability Database".
CVE-2022-28214
During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems' Confidentiality, Integrity, and Availability.
via "National Vulnerability Database".
CVE-2022-29977
There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.
via "National Vulnerability Database".
CVE-2022-28774
Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted.
via "National Vulnerability Database".
CVE-2022-29898
On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper validation of an integrity check value in all versions of the firmware.
via "National Vulnerability Database".
CVE-2022-29009
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allow attackers to bypass authentication.
via "National Vulnerability Database".
CVE-2022-29610
SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in a Stored Cross-Site Scripting (XSS) attack.
via "National Vulnerability Database".
CVE-2022-28077
Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['s'] parameter.
via "National Vulnerability Database".
CVE-2022-29008
An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information.
via "National Vulnerability Database".
CVE-2022-1623
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
via "National Vulnerability Database".
CVE-2022-29932
The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allows an unauthenticated attacker to obtain sensitive data (related to the content of transferred files) via a crafted HTTP request.
via "National Vulnerability Database".
CVE-2022-29611
SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
via "National Vulnerability Database".
CVE-2022-29006
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allow attackers to bypass authentication.
via "National Vulnerability Database".
CVE-2022-28078
Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['page'] parameter.
via "National Vulnerability Database".
CVE-2022-29897
On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the traceroute utility integrated in the WebUI to execute arbitrary code with root privileges on the OS due to an improper input validation in all versions of the firmware.
via "National Vulnerability Database".
CVE-2022-29978
There is a floating point exception error in sixel_encoder_do_resize, encoder.c:633 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.
via "National Vulnerability Database".
CVE-2022-29007
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allow attackers to bypass authentication.
via "National Vulnerability Database".
CVE-2022-29613
Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter the employee number. On successful exploitation, the attacker can view personal details of other users, causing a limited impact on the confidentiality of the application.
via "National Vulnerability Database".
Quantum Ransomware Strikes Quickly, How to Prepare and Recover
NYC-area cybersecurity expert shares the anatomy of a Quantum Ransomware attack and how to prevent, detect and recover from a ransomware attack, in a new article from eMazzanti Technologies.
via "Dark Reading".