βΌ CVE-2021-46825 βΌ
π Read
via "National Vulnerability Database".
Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:Nπ Read
via "National Vulnerability Database".
βΌ CVE-2014-3588 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2014-0024 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2014-2887 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2014-1926 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
π΄ China's Tonto Team APT Ramps Up Spy Operations Against Russia π΄
π Read
via "Dark Reading".
In a significant spike of activity, the state-sponsored group is going after intelligence on Russian government agencies.π Read
via "Dark Reading".
Dark Reading
China's Tonto Team APT Ramps Up Spy Operations Against Russia
In a significant spike of activity, the state-sponsored group is going after intelligence on Russian government agencies.
π΄ Fortress Information Security Sponsors Open Web Application Security Project To Work on Industry-Wide Software Bill of Materials Standards π΄
π Read
via "Dark Reading".
.π Read
via "Dark Reading".
Dark Reading
Fortress Information Security Sponsors Open Web Application Security Project To Work on Industry-Wide Software Bill of Materialsβ¦
βΌ CVE-2022-31135 βΌ
π Read
via "National Vulnerability Database".
Akashi is an open source server implementation of the Attorney Online video game based on the Ace Attorney universe. Affected versions of Akashi are subject to a denial of service attack. An attacker can use a specially crafted evidence packet to make an illegal modification, causing a server crash. This can be used to mount a denial-of-service exploit. Users are advised to upgrade. There is no known workaround for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31136 βΌ
π Read
via "National Vulnerability Database".
Bookwyrm is an open source social reading and reviewing program. Versions of Bookwyrm prior to 0.4.1 did not properly sanitize html being rendered to users. Unprivileged users are able to inject scripts into user profiles, book descriptions, and statuses. These vulnerabilities may be exploited as cross site scripting attacks on users viewing these fields. Users are advised to upgrade to version 0.4.1. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31133 βΌ
π Read
via "National Vulnerability Database".
HumHub is an Open Source Enterprise Social Network. Affected versions of HumHub are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, the attacker would need a permission to administer the Spaces feature. The names of individual "spaces" are not properly escaped and so an attacker with sufficient privilege could insert malicious javascript into a space name and exploit system users who visit that space. It is recommended that the HumHub is upgraded to 1.11.4, 1.10.5. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32056 βΌ
π Read
via "National Vulnerability Database".
Online Accreditation Management v1.0 was discovered to contain a SQL injection vulnerability via the USERNAME parameter at process.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32054 βΌ
π Read
via "National Vulnerability Database".
Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code execution (RCE) vulnerability via the lanIp parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2015-5298 βΌ
π Read
via "National Vulnerability Database".
The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32055 βΌ
π Read
via "National Vulnerability Database".
Inout Homestay v2.2 was discovered to contain a SQL injection vulnerability via the guests parameter at /index.php?page=search/rentals.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28889 βΌ
π Read
via "National Vulnerability Database".
In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31121 βΌ
π Read
via "National Vulnerability Database".
Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error to the consensus client should the message be missing. Users are advised to upgrade to versions 2.2.7 or v2.4.5. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31645 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in glFTPd 2.11a that allows remote attackers to cause a denial of service via exceeding the connection limit.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32058 βΌ
π Read
via "National Vulnerability Database".
An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-WR742N V1/V2/V3_130415 allows attackers to cause a Denial of Service (DoS) via a crafted packet.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44791 βΌ
π Read
via "National Vulnerability Database".
In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32449 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34592 βΌ
π Read
via "National Vulnerability Database".
Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw. This vulnerability allows attackers to execute arbitrary commands via a crafted POST request.π Read
via "National Vulnerability Database".