βΌ CVE-2022-32293 βΌ
π Read
via "National Vulnerability Database".
In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36359 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35620 βΌ
π Read
via "National Vulnerability Database".
D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function binary.soapcgi_main.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35619 βΌ
π Read
via "National Vulnerability Database".
D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function ssdpcgi_main.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27484 βΌ
π Read
via "National Vulnerability Database".
A unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34973 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow via the nextPage parameter at ping.ccp.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32292 βΌ
π Read
via "National Vulnerability Database".
In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34974 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR810LA1_FW102B22 was discovered to contain a command injection vulnerability via the Ping_addr function.π Read
via "National Vulnerability Database".
β Post-quantum cryptography β new algorithm βgone in 60 minutesβ β
π Read
via "Naked Security".
And THIS is why you don't knit your own home-made encryption algorithms and hope no one looks at them.π Read
via "Naked Security".
Naked Security
Post-quantum cryptography β new algorithm βgone in 60 minutesβ
And THIS is why you donβt knit your own home-made encryption algorithms and hope no one looks at them.
π΄ Cyberattackers Drain Nearly $6M From Solana Crypto Wallets π΄
π Read
via "Dark Reading".
So far, the ongoing attack has impacted nearly 8,000 Solana hot wallets.π Read
via "Dark Reading".
Dark Reading
Cyberattackers Drain Nearly $6M From Solana Crypto Wallets
So far, the ongoing attack has impacted nearly 8,000 Solana hot wallets.
π΄ Zero-Day Defense: Tips for Defusing the Threat π΄
π Read
via "Dark Reading".
Because they leave so little time to patch and defuse, zero-day threats require a proactive, multilayered approach based on zero trust.π Read
via "Dark Reading".
Dark Reading
Zero-Day Defense: Tips for Defusing the Threat
Because they leave so little time to patch and defuse, zero-day threats require a proactive, multilayered approach based on zero trust.
βΌ CVE-2022-2272 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server 3.0.4. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the login endpoint. When parsing the username element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17331.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35865 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16709.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-35866 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17139.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28668 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.9.2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16679.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28684 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16710.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37396 βΌ
π Read
via "National Vulnerability Database".
In JetBrains Rider before 2022.2 Trust and Open Project dialog could be bypassed, leading to local code executionπ Read
via "National Vulnerability Database".
βΌ CVE-2022-35867 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000 virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-15056.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34871 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-16335.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35864 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16690.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34872 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of Virtual Metrics. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16336.π Read
via "National Vulnerability Database".