‼ CVE-2022-28677 ‼
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16663.
‼ CVE-2021-22131 ‼
via "National Vulnerability Database".
An improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, Fortinet FortiTokenWinApp version 4.0.3 and below allows an attacker to retrieve information disclosed via man-in-the-middle attacks.
‼ CVE-2022-28679 ‼
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16861.
‼ CVE-2022-28678 ‼
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16805.
‼ CVE-2022-26117 ‼
via "National Vulnerability Database".
An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI.
‼ CVE-2022-28669 ‼
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16420.
‼ CVE-2022-28681 ‼
via "National Vulnerability Database".
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the deletePages method. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16825.
‼ CVE-2022-22445 ‼
via "National Vulnerability Database".
An attacker that gains service access to the FSP (POWER9 only) or gains admin authority to a partition can compromise partition firmware.
‼ CVE-2022-26120 ‼
via "National Vulnerability Database".
Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
‼ CVE-2022-28683 ‼
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the deletePages method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16828.
‼ CVE-2022-28670 ‼
via "National Vulnerability Database".
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AcroForms. Crafted data in an AcroForm can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16523.
‼ CVE-2021-29790 ‼
via "National Vulnerability Database".
IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203440.
‼ CVE-2022-34875 ‼
via "National Vulnerability Database".
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of ADBC objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16981.
‼ CVE-2022-34873 ‼
via "National Vulnerability Database".
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16777.
‼ CVE-2022-28680 ‼
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16821.
🔏 Expect Log4j to be Exploited "For Years to Come," CSRB Says 🔏
A new report, the first from DHS' Cyber Safety Review Board, includes recommendations to investigate and address the Log4j vulnerability.
🕴 FBI: Beware of Scam Cryptocurrency Investment Apps 🕴
via "Dark Reading".
Law enforcement estimates campaign has already bilked cryptocurrency investors out of $42.7 million.
🕴 Retbleed Fixed in Linux Kernel, Patch Delayed 🕴
via "Dark Reading".
Linus Torvalds says Retbleed has been addressed in the Linux kernel, but code complexity means the release will be delayed by a week to give more time for testing.
‼ CVE-2022-34033 ‼
via "National Vulnerability Database".
HTMLDoc v1.9.15 was discovered to contain a heap overflow via (write_header) /htmldoc/htmldoc/html.cxx:273.
‼ CVE-2022-34030 ‼
via "National Vulnerability Database".
Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_djb_hash at src/njs_djb_hash.c.
‼ CVE-2022-34032 ‼
via "National Vulnerability Database".
Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.