βΌ CVE-2014-1926 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
π΄ China's Tonto Team APT Ramps Up Spy Operations Against Russia π΄
π Read
via "Dark Reading".
In a significant spike of activity, the state-sponsored group is going after intelligence on Russian government agencies.π Read
via "Dark Reading".
Dark Reading
China's Tonto Team APT Ramps Up Spy Operations Against Russia
In a significant spike of activity, the state-sponsored group is going after intelligence on Russian government agencies.
π΄ Fortress Information Security Sponsors Open Web Application Security Project To Work on Industry-Wide Software Bill of Materials Standards π΄
π Read
via "Dark Reading".
.π Read
via "Dark Reading".
Dark Reading
Fortress Information Security Sponsors Open Web Application Security Project To Work on Industry-Wide Software Bill of Materialsβ¦
βΌ CVE-2022-31135 βΌ
π Read
via "National Vulnerability Database".
Akashi is an open source server implementation of the Attorney Online video game based on the Ace Attorney universe. Affected versions of Akashi are subject to a denial of service attack. An attacker can use a specially crafted evidence packet to make an illegal modification, causing a server crash. This can be used to mount a denial-of-service exploit. Users are advised to upgrade. There is no known workaround for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31136 βΌ
π Read
via "National Vulnerability Database".
Bookwyrm is an open source social reading and reviewing program. Versions of Bookwyrm prior to 0.4.1 did not properly sanitize html being rendered to users. Unprivileged users are able to inject scripts into user profiles, book descriptions, and statuses. These vulnerabilities may be exploited as cross site scripting attacks on users viewing these fields. Users are advised to upgrade to version 0.4.1. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31133 βΌ
π Read
via "National Vulnerability Database".
HumHub is an Open Source Enterprise Social Network. Affected versions of HumHub are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, the attacker would need a permission to administer the Spaces feature. The names of individual "spaces" are not properly escaped and so an attacker with sufficient privilege could insert malicious javascript into a space name and exploit system users who visit that space. It is recommended that the HumHub is upgraded to 1.11.4, 1.10.5. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32056 βΌ
π Read
via "National Vulnerability Database".
Online Accreditation Management v1.0 was discovered to contain a SQL injection vulnerability via the USERNAME parameter at process.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32054 βΌ
π Read
via "National Vulnerability Database".
Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code execution (RCE) vulnerability via the lanIp parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2015-5298 βΌ
π Read
via "National Vulnerability Database".
The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32055 βΌ
π Read
via "National Vulnerability Database".
Inout Homestay v2.2 was discovered to contain a SQL injection vulnerability via the guests parameter at /index.php?page=search/rentals.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28889 βΌ
π Read
via "National Vulnerability Database".
In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31121 βΌ
π Read
via "National Vulnerability Database".
Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error to the consensus client should the message be missing. Users are advised to upgrade to versions 2.2.7 or v2.4.5. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31645 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in glFTPd 2.11a that allows remote attackers to cause a denial of service via exceeding the connection limit.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32058 βΌ
π Read
via "National Vulnerability Database".
An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-WR742N V1/V2/V3_130415 allows attackers to cause a Denial of Service (DoS) via a crafted packet.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44791 βΌ
π Read
via "National Vulnerability Database".
In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32449 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34592 βΌ
π Read
via "National Vulnerability Database".
Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw. This vulnerability allows attackers to execute arbitrary commands via a crafted POST request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33098 βΌ
π Read
via "National Vulnerability Database".
Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35283 βΌ
π Read
via "National Vulnerability Database".
SQL Injection vulnerability in product_admin.php in atoms183 CMS 1.0, allows attackers to execute arbitrary commands via the Name, Fname, and ID parameters to search.php.π Read
via "National Vulnerability Database".
βΌ CVE-2019-19159 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33680 βΌ
π Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638, CVE-2022-33639.π Read
via "National Vulnerability Database".