‼ CVE-2022-27864 ‼
📖 Read
via "National Vulnerability Database".
A Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview.exe application on PDF files within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22280 ‼
📖 Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2323 ‼
📖 Read
via "National Vulnerability Database".
Improper neutralization of special elements used in a user input allows an authenticated malicious user to perform remote code execution in the host system. This vulnerability impacts SonicWall Switch 1.1.1.0-2s and earlier versions📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36447 ‼
📖 Read
via "National Vulnerability Database".
An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Previously minted tokens minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent by any holder of any amount of the token. The total amount of the token can be increased as high as the malicious actor pleases. This is true for every CAT1 on the Chia blockchain regardless of issuance rules. This attack is auditable on chain, so maliciously altered coins can potentially be marked by off-chain observers as malicious.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27866 ‼
📖 Read
via "National Vulnerability Database".
A maliciously crafted TIFF file when consumed through DesignReview.exe application can be forced to read beyond allocated boundaries when parsing the TIFF file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2324 ‼
📖 Read
via "National Vulnerability Database".
Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36336 ‼
📖 Read
via "National Vulnerability Database".
A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35234 ‼
📖 Read
via "National Vulnerability Database".
Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine.📖 Read
via "National Vulnerability Database".
🤔1
‼ CVE-2022-30083 ‼
📖 Read
via "National Vulnerability Database".
EllieGrid Android Application version 3.4.1 is vulnerable to Code Injection. The application appears to evaluate user input as code (remote).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-33158 ‼
📖 Read
via "National Vulnerability Database".
Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27785 ‼
📖 Read
via "National Vulnerability Database".
HCL Commerce's Remote Store server could allow a local attacker to obtain sensitive personal information. The vulnerability requires the victim to first perform a particular operation on the website.📖 Read
via "National Vulnerability Database".
🗓️ CompleteFTP path traversal flaw allowed attackers to delete server files 🗓️
📖 Read
via "The Daily Swig".
Security issue fixed in version 22.1.1 of file transfer software📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
CompleteFTP path traversal flaw allowed attackers to delete server files
Security issue fixed in version 22.1.1 of file transfer software
❌ Securing Your Move to the Hybrid Cloud ❌
📖 Read
via "Threat Post".
Infosec expert Rani Osnat lays out security challenges and offers hope for organizations migrating their IT stack to the private and public cloud environments.📖 Read
via "Threat Post".
Threat Post
Securing Your Move to the Hybrid Cloud
Infosec expert Rani Osnat lays out security challenges and offers hope for organizations migrating their IT stack to the private and public cloud environments.
🕴 For Big Tech, Neutrality Is Not an Option — and Never Really Was 🕴
📖 Read
via "Dark Reading".
Tech companies play a vital role in global communication, which has profound effects on how politics, policies, and human rights issues play out.📖 Read
via "Dark Reading".
Dark Reading
For Big Tech, Neutrality Is Not an Option — and Never Really Was
Tech companies play a vital role in global communication, which has profound effects on how politics, policies, and human rights issues play out.
‼ CVE-2022-2241 ‼
📖 Read
via "National Vulnerability Database".
The Featured Image from URL (FIFU) WordPress plugin before 4.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of validation, sanitisation and escaping in some of them, it could also lead to Stored XSS issues📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1324 ‼
📖 Read
via "National Vulnerability Database".
The Event Timeline WordPress plugin through 1.1.5 does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2245 ‼
📖 Read
via "National Vulnerability Database".
The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF attacks📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2171 ‼
📖 Read
via "National Vulnerability Database".
The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue which will be triggered in the frontend as well.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1950 ‼
📖 Read
via "National Vulnerability Database".
The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1585 ‼
📖 Read
via "National Vulnerability Database".
The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-2181 ‼
📖 Read
via "National Vulnerability Database".
The Advanced WordPress Reset WordPress plugin before 1.6 does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting📖 Read
via "National Vulnerability Database".