🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-32081

MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.

📖 Read

via "National Vulnerability Database".
173 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-32084

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.

📖 Read

via "National Vulnerability Database".
192 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-32083

MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.

📖 Read

via "National Vulnerability Database".
204 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-25896

This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.

📖 Read

via "National Vulnerability Database".
221 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-32420

College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file.

📖 Read

via "National Vulnerability Database".
238 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-32088

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.

📖 Read

via "National Vulnerability Database".
284 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-32093

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php.

📖 Read

via "National Vulnerability Database".
348 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-32087

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.

📖 Read

via "National Vulnerability Database".
389 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-32091

MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.

📖 Read

via "National Vulnerability Database".
454 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-28200

NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.

📖 Read

via "National Vulnerability Database".
487 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-28200

NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.

📖 Read

via "National Vulnerability Database".
533 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-33014

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

📖 Read

via "National Vulnerability Database".
477 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-33016

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

📖 Read

via "National Vulnerability Database".
546 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-2284

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.

📖 Read

via "National Vulnerability Database".
603 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-33015

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

📖 Read

via "National Vulnerability Database".
694 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-2287

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.

📖 Read

via "National Vulnerability Database".
702 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-2288

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.

📖 Read

via "National Vulnerability Database".
634 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-2289

Use After Free in GitHub repository vim/vim prior to 9.0.

📖 Read

via "National Vulnerability Database".
646 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-33971

Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and earlier, which may allow an adjacent attacker who can analyze the communication between the controller and the specific software used by OMRON internally to cause a denial-of-service (DoS) condition or execute a malicious program.

📖 Read

via "National Vulnerability Database".
567 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-32284

Use of insufficiently random values vulnerability exists in Vnet/IP communication module VI461 of YOKOGAWA Wide Area Communication Router (WAC Router) AW810D, which may allow a remote attacker to cause denial-of-service (DoS) condition by sending a specially crafted packet.

📖 Read

via "National Vulnerability Database".
👍1
492 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-33948

HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. An adjacent attacker may execute an arbitrary OS command on the product if a malicious DHCP server is placed on the WAN side of the product.

📖 Read

via "National Vulnerability Database".
436 views