βΌ CVE-2022-23342 βΌ
π Read
via "National Vulnerability Database".
The Hyland Onbase Application Server releases prior to 20.3.58.1000 and OnBase releases 21.1.1.1000 through 21.1.15.1000 are vulnerable to a username enumeration vulnerability. An attacker can obtain valid users based on the response returned for invalid and valid users by sending a POST login request to the /mobilebroker/ServiceToBroker.svc/Json/Connect endpoint. This can lead to user enumeration against the underlying Active Directory integrated systems.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27870 βΌ
π Read
via "National Vulnerability Database".
A maliciously crafted TGA file in Autodesk AutoCAD 2023 may be used to write beyond the allocated buffer while parsing TGA file. This vulnerability may be exploited to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32973 βΌ
π Read
via "National Vulnerability Database".
An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31786 βΌ
π Read
via "National Vulnerability Database".
IdeaLMS 2022 allows reflected Cross Site Scripting (XSS) via the IdeaLMS/Class/Assessment/ PATH_INFO.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29774 βΌ
π Read
via "National Vulnerability Database".
iSpyConnect iSpy v7.2.2.0 is vulnerable to path traversal.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27869 βΌ
π Read
via "National Vulnerability Database".
A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27868 βΌ
π Read
via "National Vulnerability Database".
A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33055 βΌ
π Read
via "National Vulnerability Database".
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/trains/manage_train.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33049 βΌ
π Read
via "National Vulnerability Database".
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/?page=user/manage_user.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33048 βΌ
π Read
via "National Vulnerability Database".
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/reservations/view_details.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32974 βΌ
π Read
via "National Vulnerability Database".
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29775 βΌ
π Read
via "National Vulnerability Database".
iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1665 βΌ
π Read
via "National Vulnerability Database".
A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by the grub in Secure Boot mode even though it shouldn't. These kernel builds don't have the secure boot lockdown patches applied to it and can bypass the secure boot validations, allowing the attacker to load another non-trusted code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31478 βΌ
π Read
via "National Vulnerability Database".
The UserTakeOver plugin before 4.0.1 for ILIAS allows an attacker to list all users via the search function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33995 βΌ
π Read
via "National Vulnerability Database".
A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33056 βΌ
π Read
via "National Vulnerability Database".
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/schedules/manage_schedule.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34008 βΌ
π Read
via "National Vulnerability Database".
Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privileged attacker can use an NTFS directory junction to restore a malicious DLL from quarantine into the System32 folder.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2068 βΌ
π Read
via "National Vulnerability Database".
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).π Read
via "National Vulnerability Database".
ποΈ Single largest disclosure for vulnerabilities in industrial control security reveals 56 flaws ποΈ
π Read
via "The Daily Swig".
Scores of security issues in industrial control systems unveiledπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Single largest disclosure for vulnerabilities in industrial control security reveals 56 flaws
Scores of security issues in industrial control systems unveiled
π΄ Why Financial Institutions Must Double Down on Open Source Investments π΄
π Read
via "Dark Reading".
Open source is here to stay, and it's imperative that CIOs have a mature, open source engagement strategy, across consumption, contribution, and funding as a pillar of digital transformation.π Read
via "Dark Reading".
Dark Reading
Why Financial Institutions Must Double Down on Open Source Investments
Open source is here to stay, and it's imperative that CIOs have a mature, open source engagement strategy, across consumption, contribution, and funding as a pillar of digital transformation.
βΌ CVE-2021-40511 βΌ
π Read
via "National Vulnerability Database".
OBDA systemsΓ’β¬β’ Mastro 1.0 is vulnerable to XML Entity Expansion (aka Γ’β¬Εbillion laughsΓ’β¬οΏ½) attack allowing denial of service.π Read
via "National Vulnerability Database".