βΌ CVE-2021-46811 βΌ
π Read
via "National Vulnerability Database".
HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23168 βΌ
π Read
via "National Vulnerability Database".
The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin'--π Read
via "National Vulnerability Database".
βΌ CVE-2021-41446 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29455 βΌ
π Read
via "National Vulnerability Database".
DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46815 βΌ
π Read
via "National Vulnerability Database".
Configuration defects in the secure OS module. Successful exploitation of this vulnerability can affect availability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28217 βΌ
π Read
via "National Vulnerability Database".
Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks that could compromise systemΓ’β¬β’s Availability by causing system to crash.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46812 βΌ
π Read
via "National Vulnerability Database".
The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this vulnerability may affect data integrity.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31055 βΌ
π Read
via "National Vulnerability Database".
kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) competitions. Prior to version 1.6.0, the kctf cluster set-src-ip-ranges was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark them as `public: false` and use `kctf chal debug port-forward` to connect.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23169 βΌ
π Read
via "National Vulnerability Database".
attacker needs to craft a SQL payload. the vulnerable parameter is "agentid" must be authenticated to the admin panel.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41447 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23167 βΌ
π Read
via "National Vulnerability Database".
Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../.. /windows/boot.ini the LFI is UNAUTHENTICATED.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41448 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41453 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31754 βΌ
π Read
via "National Vulnerability Database".
Logical defects in code implementation in some products. Successful exploitation of this vulnerability may affect the availability of some features.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31752 βΌ
π Read
via "National Vulnerability Database".
Missing authorization vulnerability in the system components. Successful exploitation of this vulnerability will affect confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31760 βΌ
π Read
via "National Vulnerability Database".
Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31761 βΌ
π Read
via "National Vulnerability Database".
Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31753 βΌ
π Read
via "National Vulnerability Database".
The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system availability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31757 βΌ
π Read
via "National Vulnerability Database".
The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41452 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.π Read
via "National Vulnerability Database".
π΄ Exposed Travis CI API Leaves All Free-Tier Users Open to Attack π΄
π Read
via "Dark Reading".
Public Travis CI logs loaded with GitHub, AWS, Docker Hub account tokens, and other sensitive data could be leveraged for lateral cloud attacks.π Read
via "Dark Reading".
Dark Reading
Exposed Travis CI API Leaves All Free-Tier Users Open to Attack
Public Travis CI logs loaded with GitHub, AWS, Docker Hub account tokens, and other sensitive data could be leveraged for lateral cloud attacks.