🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32044 ‼

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the password parameter in the function FUN_00413f80.

📖 Read

via "National Vulnerability Database".

124 views20:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32040 ‼

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm.

📖 Read

via "National Vulnerability Database".

129 views20:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-22367 ‼

IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008.

📖 Read

via "National Vulnerability Database".

145 views20:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32051 ‼

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in the function FUN_004133c4.

📖 Read

via "National Vulnerability Database".

152 views20:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-31604 ‼

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. The deserialization of Untrusted Data may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.

📖 Read

via "National Vulnerability Database".

167 views20:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32049 ‼

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN_00418540.

📖 Read

via "National Vulnerability Database".

179 views20:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32036 ‼

Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and trademark parameters in the function formSetStoreWeb.

📖 Read

via "National Vulnerability Database".

200 views20:40

🛡 Cybersecurity & Privacy 🛡 - News

🕴 ICYMI: A Microsoft Warning, Follina, Atlassian, and More 🕴

Dark Reading's digest of the other don't-miss stories of the week, including YouTube account takeovers and a sad commentary on cyber-pro hopelessness.

📖 Read

via "Dark Reading".

Dark Reading

ICYMI: A Microsoft Warning, Follina, Atlassian, and More

Dark Reading's digest of the other don't-miss stories of the week, including YouTube account takeovers and a sad commentary on cyber-pro hopelessness.

218 views21:44

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-25876 ‼

The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection.

📖 Read

via "National Vulnerability Database".

191 views22:39

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32095 ‼

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php.

📖 Read

via "National Vulnerability Database".

174 views22:39

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-25900 ‼

All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git.

📖 Read

via "National Vulnerability Database".

168 views22:39

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-31943 ‼

MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability.

📖 Read

via "National Vulnerability Database".

157 views22:39

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32082 ‼

MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.

📖 Read

via "National Vulnerability Database".

152 views22:39

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32085 ‼

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.

📖 Read

via "National Vulnerability Database".

148 views22:39

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32384 ‼

Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the security_5g parameter in the function formWifiBasicSet.

📖 Read

via "National Vulnerability Database".

155 views22:39

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32089 ‼

MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.

📖 Read

via "National Vulnerability Database".

162 views22:39

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32094 ‼

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php.

📖 Read

via "National Vulnerability Database".

166 views22:39

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-25758 ‼

All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex.

📖 Read

via "National Vulnerability Database".

164 views22:39

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-25898 ‼

The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake. Workaround: Validate JWS or JWT signature if it has Base64URL and dot safe string before executing JWS.verify() or JWS.verifyJWT() method.

📖 Read

via "National Vulnerability Database".

173 views22:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32081 ‼

MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.

📖 Read

via "National Vulnerability Database".

173 views22:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-32084 ‼

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.

📖 Read

via "National Vulnerability Database".

192 views22:40

About

Blog

Apps

Platform