‼ CVE-2022-20324 ‼
📖 Read
via "National Vulnerability Database".
In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-187042120📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20273 ‼
📖 Read
via "National Vulnerability Database".
In Bluetooth, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-206478022📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35561 ‼
📖 Read
via "National Vulnerability Database".
A stack overflow vulnerability exists in /goform/WifiMacFilterSet in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-20283 ‼
📖 Read
via "National Vulnerability Database".
In Bluetooth, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233069336📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-20282 ‼
📖 Read
via "National Vulnerability Database".
In AppWidget, there is a possible way to start an activity from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204083104📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-20329 ‼
📖 Read
via "National Vulnerability Database".
In Wifi, there is a possible way to enable Wifi without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-183410556📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-20332 ‼
📖 Read
via "National Vulnerability Database".
In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-180019130📖 Read
via "National Vulnerability Database".
👍1
❌ Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics ❌
📖 Read
via "Threat Post".
The CISA has seen a resurgence of the malware targeting a range of verticals and critical infrastructure organizations by exploiting RDP, firewall vulnerabilities.📖 Read
via "Threat Post".
Threat Post
Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics
The CISA has seen a resurgence of the malware targeting a range of verticals and critical infrastructure organizations by exploiting RDP, firewall vulnerabilities.
‼ CVE-2022-35589 ‼
📖 Read
via "National Vulnerability Database".
A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time" Parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35932 ‼
📖 Read
via "National Vulnerability Database".
Nextcloud Talk is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.7, 13.0.7, and 14.0.3, password protected conversations are susceptible to brute force attacks if the attacker has the link/conversation token. It is recommended that the Nextcloud Talk application is upgraded to 12.2.7, 13.0.7 or 14.0.3. There are currently no known workarounds available apart from not having password protected conversations.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35585 ‼
📖 Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date" Parameter📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42750 ‼
📖 Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the title of a rule node.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35587 ‼
📖 Read
via "National Vulnerability Database".
A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_date" Parameter📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35590 ‼
📖 Read
via "National Vulnerability Database".
A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "end_date" Parameter📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42751 ‼
📖 Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the description of a rule node.📖 Read
via "National Vulnerability Database".
🕴 Software Supply Chain Chalks Up a Security Win With New Crypto Effort 🕴
📖 Read
via "Dark Reading".
GitHub, the owner of the Node Package Manager (npm), proposes cryptographically linking source code and JavaScript packages in an effort to shore up supply chain security.📖 Read
via "Dark Reading".
Dark Reading
Software Supply Chain Chalks Up a Security Win With New Crypto Effort
GitHub, the owner of the Node Package Manager (npm), proposes cryptographically linking source code and JavaScript packages in an effort to shore up supply chain security.
‼ CVE-2022-2797 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in SourceCodester Student Information System. Affected by this vulnerability is an unknown functionality of the file /admin/students/view_student.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-206245 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29118 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds read vulnerability exists when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) which allow an unauthenticated attacker to induce an information disclosure issue in the context of the current user.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29112 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds read vulnerability exists when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) which allow an unauthenticated attacker to induce an information disclosure issue in the context of the current user.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29117 ‼
📖 Read
via "National Vulnerability Database".
A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35980 ‼
📖 Read
via "National Vulnerability Database".
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Versions 2.0.0.0 and 2.1.0.0 of the security plugin are affected by an information disclosure vulnerability. Requests to an OpenSearch cluster configured with advanced access control features document level security (DLS), field level security (FLS), and/or field masking will not be filtered when the query's search pattern matches an aliased index. OpenSearch Dashboards creates an alias to `.kibana` by default, so filters with the index pattern of `*` to restrict access to documents or fields will not be applied. This issue allows requests to access sensitive information when customer have acted to restrict access that specific information. OpenSearch 2.2.0, which is compatible with OpenSearch Security 2.2.0.0, contains the fix for this issue. There is no recommended work around.📖 Read
via "National Vulnerability Database".