βΌ CVE-2022-28269 βΌ
π Read
via "National Vulnerability Database".
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability in the processing of Annotation objects that could result in a memory leak in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28240 βΌ
π Read
via "National Vulnerability Database".
Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29845 βΌ
π Read
via "National Vulnerability Database".
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28245 βΌ
π Read
via "National Vulnerability Database".
Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29846 βΌ
π Read
via "National Vulnerability Database".
In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation serial number.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30449 βΌ
π Read
via "National Vulnerability Database".
Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in room.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30062 βΌ
π Read
via "National Vulnerability Database".
ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Read via tp.phpπ Read
via "National Vulnerability Database".
βΌ CVE-2022-30057 βΌ
π Read
via "National Vulnerability Database".
Shopwind <=v3.4.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30448 βΌ
π Read
via "National Vulnerability Database".
Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28255 βΌ
π Read
via "National Vulnerability Database".
Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30063 βΌ
π Read
via "National Vulnerability Database".
ftcms <=2.1 was discovered to be vulnerable to code execution attacks .π Read
via "National Vulnerability Database".
βΌ CVE-2022-30453 βΌ
π Read
via "National Vulnerability Database".
ShopWind <= 3.4.2 has a RCE vulnerability in Database.phpπ Read
via "National Vulnerability Database".
βΌ CVE-2022-30060 βΌ
π Read
via "National Vulnerability Database".
ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Write via admin/controllers/tp.phpπ Read
via "National Vulnerability Database".
π΄ PlainID Debuts Authorization-as-a-Service Platform π΄
π Read
via "Dark Reading".
Platform powered by policy-based access control (PBAC).π Read
via "Dark Reading".
Darkreading
PlainID Debuts Authorization-as-a-Service Platform
Platform powered by policy-based access control (PBAC).
βΌ CVE-2022-30557 βΌ
π Read
via "National Vulnerability Database".
Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29596 βΌ
π Read
via "National Vulnerability Database".
MicroStrategy Enterprise Manager 2022 allows authentication bypass by triggering a login failure and then entering the Uid=/../../../../../../../../../../../windows/win.ini%00.jpg&Pwd=_any_password_&ConnMode=1&3054=Login substring for directory traversal.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29855 βΌ
π Read
via "National Vulnerability Database".
Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.π Read
via "National Vulnerability Database".
β Novel βNerbianβ Trojan Uses Advanced Anti-Detection Tricks β
π Read
via "Threat Post".
The stealthy, feature-rich malware has multistage evasion tactics to fly under the radar of security analysis, researchers at Proofpoint have found.π Read
via "Threat Post".
Threat Post
Novel βNerbianβ Trojan Uses Advanced Anti-Detection Tricks
The stealthy, feature-rich malware has multistage evasion tactics to fly under the radar of security analysis, researchers at Proofpoint have found.
βοΈ DEA Investigating Breach of Law Enforcement Data Portal βοΈ
π Read
via "Krebs on Security".
The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.π Read
via "Krebs on Security".
Krebs on Security
DEA Investigating Breach of Law Enforcement Data Portal
The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise isβ¦
π΄ On Air With Dark Reading News Desk at Black Hat Asia 2022 π΄
π Read
via "Dark Reading".
This year's Black Hat Asia is hybrid, with some sessions broadcast on the virtual platform and others live on stage in Singapore. News Desk is available on-demand with prerecorded interviews.π Read
via "Dark Reading".
Darkreading
On the Air With Dark Reading News Desk at Black Hat Asia 2022
This year's Black Hat Asia is hybrid, with some sessions broadcast on the virtual platform and others live on stage in Singapore. News Desk is available on-demand with prerecorded interviews.
βΌ CVE-2022-1674 βΌ
π Read
via "National Vulnerability Database".
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.π Read
via "National Vulnerability Database".