‼ CVE-2022-24418 ‼
via "National Vulnerability Database".
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
‼ CVE-2022-29091 ‼
via "National Vulnerability Database".
Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. An Unauthenticated Remote Attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
‼ CVE-2022-27777 ‼
via "National Vulnerability Database".
An XSS vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.
‼ CVE-2022-30473 ‼
via "National Vulnerability Database".
Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function form_fast_setting_wifi_set.
‼ CVE-2022-29082 ‼
via "National Vulnerability Database".
Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x, 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x, 19.5.0.x, 19.6 and 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port 5671 which could allow remote attackers to spoof certificates.
‼ CVE-2022-26865 ‼
via "National Vulnerability Database".
Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery authentication in order to run arbitrary code on the system as Administrator.
‼ CVE-2022-30787 ‼
via "National Vulnerability Database".
An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
‼ CVE-2022-21831 ‼
via "National Vulnerability Database".
A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.
‼ CVE-2022-24414 ‼
via "National Vulnerability Database".
In Dell EMC CloudLink 7.1.3 and all earlier versions, the Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access the CloudLink server. Tokens should not be used in the request URL to avoid such attacks.
‼ CVE-2022-30500 ‼
via "National Vulnerability Database".
Jfinal cms 5.1.0 is vulnerable to SQL Injection.
‼ CVE-2022-30783 ‼
via "National Vulnerability Database".
An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite.
‼ CVE-2021-33014 ‼
via "National Vulnerability Database".
An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS.
‼ CVE-2022-24417 ‼
via "National Vulnerability Database".
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
‼ CVE-2022-30495 ‼
via "National Vulnerability Database".
In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control, allowing attackers to change the admin password (vertical privilege escalation).
‼ CVE-2022-26857 ‼
via "National Vulnerability Database".
Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and perform unauthorized actions.
‼ CVE-2022-1261 ‼
via "National Vulnerability Database".
Matrikon OPC Server (all versions), from Matrikon, a subsidiary of Honeywell, is vulnerable to a condition where a low privileged user allowed to connect to the OPC server can use the functions of the IPersisFile to execute operating system processes with system-level privileges.
‼ CVE-2022-30476 ‼
via "National Vulnerability Database".
Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetFirewallCfg request.
🕴 Twitter Fined $150M for Security Data Misuse 🕴
via "Dark Reading".
Twitter is charged with using emails and phone numbers ostensibly collected for account security to sell targeted ads.
‼ CVE-2022-26727 ‼
via "National Vulnerability Database".
This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. A malicious application may be able to modify protected parts of the file system.
‼ CVE-2022-26736 ‼
via "National Vulnerability Database".
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.
‼ CVE-2022-26701 ‼
via "National Vulnerability Database".
A race condition was addressed with improved locking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.