CVE-2022-25759
via "National Vulnerability Database".
The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload.
Understanding Proposed SEC Rules Through an ESG Lens
via "Dark Reading".
Cyber threats are putting environmental, social, and governance discussions at the forefront of board meetings and C-suite discussions around the globe.
CVE-2022-34113
via "National Vulnerability Database".
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin.
CVE-2022-34112
via "National Vulnerability Database".
An access control issue in the component /api/plugin/uninstall of Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator.
CVE-2022-34114
via "National Vulnerability Database".
Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId.
CVE-2022-36408
via "National Vulnerability Database".
PrestaShop 1.6.0.10 through 1.7.x before 1.7.8.2 allows remote attackers to execute arbitrary code, aka a "previously unknown vulnerability chain" related to SQL injection, as exploited in the wild in July 2022.
CVE-2022-34115
via "National Vulnerability Database".
Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId.
Office macro security: on-again-off-again feature now BACK ON AGAIN!
via "Naked Security".
20 years to turn it on, then 20 weeks to turn it off, then just 2 weeks to turn it back on again. That's progress!
CVE-2022-1141
via "National Vulnerability Database".
Use after free in File Manager in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user gesture.
CVE-2022-1143
via "National Vulnerability Database".
Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools.
CVE-2022-1142
via "National Vulnerability Database".
Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools.
CVE-2022-1144
via "National Vulnerability Database".
Use after free in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools.
CVE-2022-36415
via "National Vulnerability Database".
A DLL hijacking vulnerability exists in the uninstaller in Scooter Beyond Compare 1.8a through 4.4.2 before 4.4.3 when installed via the EXE installer. The uninstaller attempts to load DLLs out of a Windows Temp folder. If a standard user places malicious DLLs in the C:\Windows\Temp\ folder, and then the uninstaller is run as SYSTEM, the DLLs will execute with elevated privileges.
CVE-2022-36414
via "National Vulnerability Database".
There is an elevation of privilege breakout vulnerability in the Windows EXE installer in Scooter Beyond Compare 4.2.0 through 4.4.2 before 4.4.3. Affected versions allow a logged-in user to run applications with elevated privileges via the Clipboard Compare tray app after installation.
CVE-2022-1135
via "National Vulnerability Database".
Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via standard feature user interaction.
CVE-2018-25045
via "National Vulnerability Database".
Django REST framework (aka django-rest-framework) before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping.
CVE-2022-1146
via "National Vulnerability Database".
Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2022-1129
via "National Vulnerability Database".
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2022-1137
via "National Vulnerability Database".
Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page.
CVE-2022-1125
via "National Vulnerability Database".
Use after free in Portals in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.
CVE-2022-1128
via "National Vulnerability Database".
Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page.