‼ CVE-2020-1691 ‼
via "National Vulnerability Database".
In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting.
‼ CVE-2022-36840 ‼
via "National Vulnerability Database".
DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code.
‼ CVE-2022-2497 ‼
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious maintainer could exfiltrate an integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.
‼ CVE-2022-34769 ‼
via "National Vulnerability Database".
Michlol - rashim web interface Insecure direct object references (IDOR). First of all, the attacker needs to log in. After he logs in to the system, there are some functionalities that the specific user is not allowed to perform. However, all the attacker needs to do in order to achieve his goals is to change the value of the ptMsl parameter, and then the attacker can access sensitive data that he is not supposed to access because it belongs to another user.
‼ CVE-2022-2459 ‼
via "National Vulnerability Database".
An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for email invited members to join a project even after the Group Owner has enabled the setting to prevent members from being added to projects in a group, if the invite was sent before the setting was enabled.
‼ CVE-2022-33732 ‼
via "National Vulnerability Database".
Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call.
‼ CVE-2022-33734 ‼
via "National Vulnerability Database".
Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get Bluetooth connection information without permission.
‼ CVE-2021-46676 ‼
via "National Vulnerability Database".
An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code execution via the transactional maps name field.
‼ CVE-2022-33725 ‼
via "National Vulnerability Database".
A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege.
‼ CVE-2019-10204 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
🕴 What Worries Security Teams About the Cloud? 🕴
via "Dark Reading".
What issues are cybersecurity professionals concerned about in 2022? You tell us!
‼ CVE-2022-24013 ‼
via "National Vulnerability Database".
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the gpio_ctrl binary.
‼ CVE-2022-24009 ‼
via "National Vulnerability Database".
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the confsrv binary.
‼ CVE-2022-24024 ‼
via "National Vulnerability Database".
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the rtk_ate binary.
‼ CVE-2022-27633 ‼
via "National Vulnerability Database".
An information disclosure vulnerability exists in the confctl_get_guest_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to information disclosure. An attacker can send packets to trigger this vulnerability.
‼ CVE-2022-27185 ‼
via "National Vulnerability Database".
A denial of service vulnerability exists in the confctl_set_master_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability.
‼ CVE-2022-23103 ‼
via "National Vulnerability Database".
A stack-based buffer overflow vulnerability exists in the confsrv confctl_set_app_language functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.
‼ CVE-2022-21201 ‼
via "National Vulnerability Database".
A stack-based buffer overflow vulnerability exists in the confers ucloud_add_node_new functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.
‼ CVE-2022-29886 ‼
via "National Vulnerability Database".
An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
‼ CVE-2022-24021 ‼
via "National Vulnerability Database".
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the online_process binary.
‼ CVE-2022-24016 ‼
via "National Vulnerability Database".
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the mesh_status_check binary.