‼ CVE-2022-33943 ‼
via "National Vulnerability Database".
Authenticated (contributor or higher user role) Cross-Site Scripting (XSS) vulnerability in Nico Amarilla's BxSlider WP plugin <= 2.0.0 at WordPress.
‼ CVE-2022-35672 ‼
via "National Vulnerability Database".
Adobe Acrobat Reader version 22.001.20085 (and earlier), 20.005.30314 (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2022-35669 ‼
via "National Vulnerability Database".
Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 20.005.30334 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
🕴 Multiple Windows, Adobe Zero-Days Anchor Knotweed Commercial Spyware 🕴
via "Dark Reading".
Microsoft flagged the company's Subzero tool set as on offer to unscrupulous governments and shady business interests.
‼ CVE-2022-34120 ‼
via "National Vulnerability Database".
Barangay Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the module editing function at /pages/activity/activity.php.
‼ CVE-2022-34121 ‼
via "National Vulnerability Database".
Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php.
⚠ Critical Samba bug could let anyone become Domain Admin – patch now! ⚠
via "Naked Security".
It's a serious bug... but there's a fix for it, so you know exactly what to do!
‼ CVE-2020-6998 ‼
via "National Vulnerability Database".
The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.
‼ CVE-2022-36949 ‼
via "National Vulnerability Database".
In Veritas NetBackup OpsCenter, an attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.
‼ CVE-2021-38410 ‼
via "National Vulnerability Database".
AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker to control one or more locations in the search path.
‼ CVE-2022-36946 ‼
via "National Vulnerability Database".
nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.
‼ CVE-2022-36951 ‼
via "National Vulnerability Database".
In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may compromise the host by exploiting an incorrectly patched vulnerability. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.
‼ CVE-2022-35911 ‼
via "National Vulnerability Database".
On Patlite NH-FB series devices through 1.46, remote attackers can cause a denial of service by omitting the query string.
‼ CVE-2022-36952 ‼
via "National Vulnerability Database".
In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.
‼ CVE-2021-38417 ‼
via "National Vulnerability Database".
VISAM VBASE version 11.6.0.6 is vulnerable to improper access control via the web-remote endpoint, which may allow an unauthenticated user viewing access to folders and files in the directory listing.
‼ CVE-2022-36953 ‼
via "National Vulnerability Database".
In Veritas NetBackup OpsCenter, certain endpoints could allow an unauthenticated remote attacker to gain sensitive information. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.
‼ CVE-2022-36954 ‼
via "National Vulnerability Database".
In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.
‼ CVE-2022-36956 ‼
via "National Vulnerability Database".
In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. This affects 9.0.x through 9.0.0.1 and 9.1.x through 9.1.0.1.
‼ CVE-2022-36950 ‼
via "National Vulnerability Database".
In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote command execution through a Java classloader manipulation. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.
‼ CVE-2022-36948 ‼
via "National Vulnerability Database".
In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.
‼ CVE-2021-42537 ‼
via "National Vulnerability Database".
VISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.