🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32030 ‼

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand.

📖 Read

via "National Vulnerability Database".

125 views20:39

‼ CVE-2022-0167 ‼

An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields related to sensitive information making it possible to be retrieved under certain conditions.

📖 Read

via "National Vulnerability Database".

125 views20:39

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32043 ‼

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo.

📖 Read

via "National Vulnerability Database".

125 views20:39

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32037 ‼

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg.

📖 Read

via "National Vulnerability Database".

123 views20:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32044 ‼

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the password parameter in the function FUN_00413f80.

📖 Read

via "National Vulnerability Database".

124 views20:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32040 ‼

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm.

📖 Read

via "National Vulnerability Database".

129 views20:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-22367 ‼

IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008.

📖 Read

via "National Vulnerability Database".

145 views20:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32051 ‼

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in the function FUN_004133c4.

📖 Read

via "National Vulnerability Database".

152 views20:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-31604 ‼

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.

📖 Read

via "National Vulnerability Database".

167 views20:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32049 ‼

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN_00418540.

📖 Read

via "National Vulnerability Database".

179 views20:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32036 ‼

Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and trademark parameters in the function formSetStoreWeb.

📖 Read

via "National Vulnerability Database".

200 views20:40

🛡 Cybersecurity & Privacy 🛡 - News

🕴 ICYMI: A Microsoft Warning, Follina, Atlassian, and More 🕴

Dark Reading's digest of the other don't-miss stories of the week, including YouTube account takeovers and a sad commentary on cyber-pro hopelessness.

📖 Read

via "Dark Reading".

Dark Reading

ICYMI: A Microsoft Warning, Follina, Atlassian, and More

Dark Reading's digest of the other don't-miss stories of the week, including YouTube account takeovers and a sad commentary on cyber-pro hopelessness.

218 views21:44

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-25876 ‼

The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection.

📖 Read

via "National Vulnerability Database".

191 views22:39

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32095 ‼

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php.

📖 Read

via "National Vulnerability Database".

174 views22:39

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-25900 ‼

All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git.

📖 Read

via "National Vulnerability Database".

168 views22:39

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-31943 ‼

MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability.

📖 Read

via "National Vulnerability Database".

157 views22:39

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32082 ‼

MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.

📖 Read

via "National Vulnerability Database".

152 views22:39

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32085 ‼

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.

📖 Read

via "National Vulnerability Database".

148 views22:39

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32384 ‼

Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the security_5g parameter in the function formWifiBasicSet.

📖 Read

via "National Vulnerability Database".

155 views22:39

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32089 ‼

MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.

📖 Read

via "National Vulnerability Database".

162 views22:39

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32094 ‼

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php.

📖 Read

via "National Vulnerability Database".

166 views22:39

About

Blog

Apps

Platform