βΌ CVE-2022-2317 βΌ
π Read
via "National Vulnerability Database".
The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the registration stage due to insufficient checking of a user supplied parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2260 βΌ
π Read
via "National Vulnerability Database".
The GiveWP WordPress plugin before 2.21.3 does not have CSRF in place when exporting data, and does not validate the exporting parameters such as dates, which could allow attackers to make a logged in admin DoS the web server via a CSRF attack as the plugin will try to retrieve data from the database many times which leads to overwhelm the target's CPU.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2278 βΌ
π Read
via "National Vulnerability Database".
The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not validate, sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)π Read
via "National Vulnerability Database".
βΌ CVE-2022-0598 βΌ
π Read
via "National Vulnerability Database".
The Login with phone number WordPress plugin through 1.3.7 do not sanitise and escape plugin settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2273 βΌ
π Read
via "National Vulnerability Database".
The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1906 βΌ
π Read
via "National Vulnerability Database".
The Copyright Proof WordPress plugin through 4.16 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting when a specific setting is enabled.π Read
via "National Vulnerability Database".
ποΈ βYou get respect for owning what happenedβ β SolarWindsβ CISO on the legacy and lessons of Sunburst ποΈ
π Read
via "The Daily Swig".
Security chief counts new build system and greater intel sharing among positive legacies of watershed cyber-attackπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
βYou get respect for owning what happenedβ β SolarWindsβ CISO on the legacy and lessons of Sunburst
Security chief counts new build system and greater intel sharing among positive legacies of watershed cyber-attack
π1
β How to celebrate SysAdmin Day! β
π Read
via "Naked Security".
I've just popped in to wish you all/The best SysAdmin Day!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2022-36343 βΌ
π Read
via "National Vulnerability Database".
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21789 βΌ
π Read
via "National Vulnerability Database".
In audio ipi, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478101; Issue ID: ALPS06478101.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26433 βΌ
π Read
via "National Vulnerability Database".
In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138400; Issue ID: ALPS07138400.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26436 βΌ
π Read
via "National Vulnerability Database".
In emi mpu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07023666; Issue ID: ALPS07023666.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26445 βΌ
π Read
via "National Vulnerability Database".
In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420088; Issue ID: GN20220420088.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26431 βΌ
π Read
via "National Vulnerability Database".
In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032553; Issue ID: ALPS07032553.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21792 βΌ
π Read
via "National Vulnerability Database".
In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085410; Issue ID: ALPS07085410.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21791 βΌ
π Read
via "National Vulnerability Database".
In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478059; Issue ID: ALPS06478059.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34567 βΌ
π Read
via "National Vulnerability Database".
An issue in \Roaming\Mango\Plugins of University of Texas Multi-image Analysis GUI (Mango) 4.1 allows attackers to escalate privileges via crafted plugins.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2509 βΌ
π Read
via "National Vulnerability Database".
A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30699 βΌ
π Read
via "National Vulnerability Database".
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36301 βΌ
π Read
via "National Vulnerability Database".
BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device password.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26428 βΌ
π Read
via "National Vulnerability Database".
In video codec, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521260; Issue ID: ALPS06521260.π Read
via "National Vulnerability Database".