βΌ CVE-2014-3658 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2014-3516 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23744 βΌ
π Read
via "National Vulnerability Database".
ZoneAlarm Anti-Bad-Stuff before version 15.8.109.18436 allow an attacker to do really bad stuff when the user aims a light-saber to the ZoneAlarm UI.π Read
via "National Vulnerability Database".
βΌ CVE-2015-5236 βΌ
π Read
via "National Vulnerability Database".
It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46825 βΌ
π Read
via "National Vulnerability Database".
Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:Nπ Read
via "National Vulnerability Database".
βΌ CVE-2014-3588 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2014-0024 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2014-2887 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2014-1926 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
π΄ China's Tonto Team APT Ramps Up Spy Operations Against Russia π΄
π Read
via "Dark Reading".
In a significant spike of activity, the state-sponsored group is going after intelligence on Russian government agencies.π Read
via "Dark Reading".
Dark Reading
China's Tonto Team APT Ramps Up Spy Operations Against Russia
In a significant spike of activity, the state-sponsored group is going after intelligence on Russian government agencies.
π΄ Fortress Information Security Sponsors Open Web Application Security Project To Work on Industry-Wide Software Bill of Materials Standards π΄
π Read
via "Dark Reading".
.π Read
via "Dark Reading".
Dark Reading
Fortress Information Security Sponsors Open Web Application Security Project To Work on Industry-Wide Software Bill of Materialsβ¦
βΌ CVE-2022-31135 βΌ
π Read
via "National Vulnerability Database".
Akashi is an open source server implementation of the Attorney Online video game based on the Ace Attorney universe. Affected versions of Akashi are subject to a denial of service attack. An attacker can use a specially crafted evidence packet to make an illegal modification, causing a server crash. This can be used to mount a denial-of-service exploit. Users are advised to upgrade. There is no known workaround for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31136 βΌ
π Read
via "National Vulnerability Database".
Bookwyrm is an open source social reading and reviewing program. Versions of Bookwyrm prior to 0.4.1 did not properly sanitize html being rendered to users. Unprivileged users are able to inject scripts into user profiles, book descriptions, and statuses. These vulnerabilities may be exploited as cross site scripting attacks on users viewing these fields. Users are advised to upgrade to version 0.4.1. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31133 βΌ
π Read
via "National Vulnerability Database".
HumHub is an Open Source Enterprise Social Network. Affected versions of HumHub are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, the attacker would need a permission to administer the Spaces feature. The names of individual "spaces" are not properly escaped and so an attacker with sufficient privilege could insert malicious javascript into a space name and exploit system users who visit that space. It is recommended that the HumHub is upgraded to 1.11.4, 1.10.5. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32056 βΌ
π Read
via "National Vulnerability Database".
Online Accreditation Management v1.0 was discovered to contain a SQL injection vulnerability via the USERNAME parameter at process.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32054 βΌ
π Read
via "National Vulnerability Database".
Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code execution (RCE) vulnerability via the lanIp parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2015-5298 βΌ
π Read
via "National Vulnerability Database".
The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32055 βΌ
π Read
via "National Vulnerability Database".
Inout Homestay v2.2 was discovered to contain a SQL injection vulnerability via the guests parameter at /index.php?page=search/rentals.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28889 βΌ
π Read
via "National Vulnerability Database".
In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31121 βΌ
π Read
via "National Vulnerability Database".
Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error to the consensus client should the message be missing. Users are advised to upgrade to versions 2.2.7 or v2.4.5. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31645 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in glFTPd 2.11a that allows remote attackers to cause a denial of service via exceeding the connection limit.π Read
via "National Vulnerability Database".