‼ CVE-2022-30168 ‼
Microsoft Photos App Remote Code Execution Vulnerability.
via "National Vulnerability Database".
‼ CVE-2022-29143 ‼
Microsoft SQL Server Remote Code Execution Vulnerability.
via "National Vulnerability Database".
‼ CVE-2022-31072 ‼
Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writable files. Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `-rw-r--r--` (i.e. 0644). This means any user who is not the owner (group or public) with access to the host where this release had been installed could modify the world-writable files from this gem. This issue is patched in Octokit 4.25.0. Two workarounds are available: users can use the previous version of the gem, v4.22.0, or they can correct the file permissions manually until they are able to upgrade to the latest version.
via "National Vulnerability Database".
‼ CVE-2022-30159 ‼
Microsoft Office Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30171, CVE-2022-30172.
via "National Vulnerability Database".
‼ CVE-2022-30131 ‼
Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability.
via "National Vulnerability Database".
‼ CVE-2022-30139 ‼
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161.
via "National Vulnerability Database".
‼ CVE-2022-30189 ‼
Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability.
via "National Vulnerability Database".
‼ CVE-2022-30549 ‼
An out-of-bounds read vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file.
via "National Vulnerability Database".
‼ CVE-2022-30538 ‼
An out-of-bounds write vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file.
via "National Vulnerability Database".
‼ CVE-2022-30546 ‼
An out-of-bounds read vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file.
via "National Vulnerability Database".
‼ CVE-2022-30533 ‼
A cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
via "National Vulnerability Database".
‼ CVE-2017-20052 ‼
A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to an uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
via "National Vulnerability Database".
‼ CVE-2022-31626 ‼
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when the pdo_mysql extension is used with the mysqlnd driver, if a third party is allowed to supply the host to connect to and the password for the connection, a password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.
via "National Vulnerability Database".
‼ CVE-2017-20051 ‼
A vulnerability was found in InnoSetup Installer. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to an uncontrolled search path. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
via "National Vulnerability Database".
‼ CVE-2022-31625 ‼
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using the Postgres database extension, supplying invalid parameters to a parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to an RCE vulnerability or a denial of service.
via "National Vulnerability Database".
🗓️ Business email platform Zimbra patches memcached injection flaw that imperils user credentials 🗓️
Attackers could also potentially gain access to various internal services, researcher warns.
via "The Daily Swig".
❌ Facebook Messenger Scam Duped Millions ❌
One well-crafted phishing message sent via Facebook Messenger ensnared 10 million Facebook users and counting.
via "Threat Post".
❌ Ransomware Risk in Healthcare Endangers Patients ❌
Ryan Witt, Proofpoint's Healthcare Cybersecurity Leader, examines the impact of ransomware on patient care.
via "Threat Post".
❌ State-Sponsored Phishing Attack Targeted Israeli Military Officials ❌
Analysts have uncovered an Iran-linked APT sending malicious emails to top Israeli government officials.
via "Threat Post".
‼ CVE-2021-41411 ‼
drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.
via "National Vulnerability Database".
‼ CVE-2022-2098 ‼
Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1.
via "National Vulnerability Database".