🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-2142 ‼

The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information.

via "National Vulnerability Database".
‼ CVE-2022-2143 ‼

The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code.

via "National Vulnerability Database".
‼ CVE-2022-34520 ‼

Radare2 v5.7.2 was discovered to contain a NULL pointer dereference via the function r_bin_file_xtr_load_buffer at bin/bfile.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary file.

via "National Vulnerability Database".
‼ CVE-2022-34502 ‼

Radare2 v5.7.0 was discovered to contain a heap buffer overflow via the function consume_encoded_name_new at format/wasm/wasm.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary file.

via "National Vulnerability Database".
‼ CVE-2022-34501 ‼

The bin-collection package in PyPI before v0.1 included a code execution backdoor inserted by a third party.

via "National Vulnerability Database".
‼ CVE-2022-2470 ‼

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21.

via "National Vulnerability Database".
‼ CVE-2022-2137 ‼

The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information.

via "National Vulnerability Database".
‼ CVE-2022-1655 ‼

An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and integrity.

via "National Vulnerability Database".
‼ CVE-2022-2139 ‼

The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code.

via "National Vulnerability Database".
‼ CVE-2022-2138 ‼

The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition.

via "National Vulnerability Database".
‼ CVE-2022-34981 ‼

The PyCrowdTangle package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party.

via "National Vulnerability Database".
‼ CVE-2022-34500 ‼

The bin-collect package in PyPI before v0.1 included a code execution backdoor inserted by a third party.

via "National Vulnerability Database".
‼ CVE-2022-34503 ‼

QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

via "National Vulnerability Database".
‼ CVE-2022-34983 ‼

The scu-captcha package in PyPI v0.0.1 to v0.0.4 included a code execution backdoor inserted by a third party.

via "National Vulnerability Database".
🕴 Thales Expands Cybersecurity Portfolio With OneWelcome Acquisition 🕴

With more staff working remotely, identity, authentication, and access have never been more important.

via "Dark Reading".
🕴 Phishing Bonanza: Social Engineering Savvy Skyrockets as Malicious Actors Cash In 🕴

The ever-evolving threat from phishing is growing more sophisticated as attackers design high-pressure situations and leverage ever-more-convincing social engineering tactics to increase their success rates.

via "Dark Reading".
🕴 Snowballing Ransomware Variants Highlight Growing Threat to VMware ESXi Environments 🕴

Luna, Black Basta add to rapidly growing list of malware tools targeted at virtual machines deployed on VMware's bare-metal hypervisor technology.

via "Dark Reading".
‼ CVE-2017-20143 ‼

A vulnerability, which was classified as critical, has been found in Itech Movie Portal Script 7.36. This issue affects some unknown processing of the file /film-rating.php. The manipulation of the argument v leads to sql injection (Error). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

via "National Vulnerability Database".
‼ CVE-2017-20139 ‼

A vulnerability was found in Itech Movie Portal Script 7.36. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /show_news.php. The manipulation of the argument id with the input AND (SELECT 1222 FROM(SELECT COUNT(*),CONCAT(0x71786b7a71,(SELECT (ELT(1222=1222,1))),0x717a627871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) leads to sql injection (Error). The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

via "National Vulnerability Database".
‼ CVE-2022-0978 ‼

Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

via "National Vulnerability Database".
‼ CVE-2022-29495 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an attacker to update plugin settings.

via "National Vulnerability Database".