βΌ CVE-2022-2619 βΌ
π Read
via "National Vulnerability Database".
Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2624 βΌ
π Read
via "National Vulnerability Database".
Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2804 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Zoo Management System. It has been classified as critical. Affected is an unknown function of the file /pages/apply_vacancy.php. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-206250 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35953 βΌ
π Read
via "National Vulnerability Database".
BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phishing that gives attackers an opportunity to redirect a user to a malicious site. The issue was patched in version 0.4.5.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35942 βΌ
π Read
via "National Vulnerability Database".
Improper input validation on the `contains` LoopBack filter may allow for arbitrary SQL injection. When the extended filter property `contains` is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data stored on the connected database. A patch was released in version 5.5.1. This affects users who does any of the following: - Connect to the database via the DataSource with `allowExtendedProperties: true` setting OR - Uses the connector's CRUD methods directly OR - Uses the connector's other methods to interpret the LoopBack filter. Users who are unable to upgrade should do the following if applicable: - Remove `allowExtendedProperties: true` DataSource setting - Add `allowExtendedProperties: false` DataSource setting - When passing directly to the connector functions, manually sanitize the user input for the `contains` LoopBack filter beforehand.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35949 βΌ
π Read
via "National Vulnerability Database".
undici is an HTTP/1.1 client, written from scratch for Node.js.`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`. If a user specifies a URL such as `http://127.0.0.1` or `//127.0.0.1` ```js const undici = require("undici") undici.request({origin: "http://example.com", pathname: "//127.0.0.1"}) ``` Instead of processing the request as `http://example.org//127.0.0.1` (or `http://example.org/http://127.0.0.1` when `http://127.0.0.1 is used`), it actually processes the request as `http://127.0.0.1/` and sends it to `http://127.0.0.1`. If a developer passes in user input into `path` parameter of `undici.request`, it can result in an _SSRF_ as they will assume that the hostname cannot change, when in actual fact it can change because the specified path parameter is combined with the base URL. This issue was fixed in `undici@5.8.1`. The best workaround is to validate user input before passing it to the `undici.request` call.π Read
via "National Vulnerability Database".
π΄ Cybercriminals Weaponizing Ransomware Data For BEC Attacks π΄
π Read
via "Dark Reading".
Attacked once, victimized multiple times: Data marketplaces are making it easier for threat actors to find and use data exfiltrated during ransomware attacks in follow-up attacks.π Read
via "Dark Reading".
Dark Reading
Cybercriminals Weaponizing Ransomware Data for BEC Attacks
Attacked once, victimized multiple times: Data marketplaces are making it easier for threat actors to find and use data exfiltrated during ransomware attacks in follow-up attacks.
βΌ CVE-2022-36006 βΌ
π Read
via "National Vulnerability Database".
Arvados is an open source platform for managing, processing, and sharing genomic and other large scientific and biomedical data. A remote code execution (RCE) vulnerability in the Arvados Workbench allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This exists in all versions up to 2.4.1 and is fixed in 2.4.2. This vulnerability is specific to the Ruby on Rails Workbench application (Γ’β¬ΕWorkbench 1Γ’β¬οΏ½). We do not believe any other Arvados components, including the TypesScript browser-based Workbench application (Γ’β¬ΕWorkbench 2Γ’β¬οΏ½) or API Server, are vulnerable to this attack. For versions of Arvados earlier than 2.4.2: remove the Ruby-based "Workbench 1" app ("apt-get remove arvados-workbench") from your installation as a workaround.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35948 βΌ
π Read
via "National Vulnerability Database".
undici is an HTTP/1.1 client, written from scratch for Node.js.`=< undici@5.8.0` users are vulnerable to _CRLF Injection_ on headers when using unsanitized input as request headers, more specifically, inside the `content-type` header. Example: ``` import { request } from 'undici' const unsanitizedContentTypeInput = 'application/json\r\n\r\nGET /foo2 HTTP/1.1' await request('http://localhost:3000, { method: 'GET', headers: { 'content-type': unsanitizedContentTypeInput }, }) ``` The above snippet will perform two requests in a single `request` API call: 1) `http://localhost:3000/` 2) `http://localhost:3000/foo2` This issue was patched in Undici v5.8.1. Sanitize input when sending content-type headers using user input as a workaround.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37400 βΌ
π Read
via "National Vulnerability Database".
Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user's configuration data. This issue affects: Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26306 - LibreOfficeπ Read
via "National Vulnerability Database".
βΌ CVE-2022-2378 βΌ
π Read
via "National Vulnerability Database".
The Easy Student Results WordPress plugin through 2.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scriptingπ Read
via "National Vulnerability Database".
βΌ CVE-2022-38223 βΌ
π Read
via "National Vulnerability Database".
There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2822 βΌ
π Read
via "National Vulnerability Database".
An attacker can freely brute force username and password and can takeover any account. An attacker could easily guess user passwords and gain access to user and administrative accounts.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35958 βΌ
π Read
via "National Vulnerability Database".
Discourse is a 100% open source discussion platform. A malicious user can use the invitation system to spam arbitrary email addresses by sending them invitation emails in some cases. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are currently no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2314 βΌ
π Read
via "National Vulnerability Database".
The VR Calendar WordPress plugin through 2.2.2 lets any user execute arbitrary PHP functions on the site.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2384 βΌ
π Read
via "National Vulnerability Database".
The Digital Publications by Supsystic WordPress plugin before 1.7.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2812 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in SourceCodester Guest Management System. This vulnerability affects unknown code of the file index.php. The manipulation of the argument username/pass leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-206398 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2116 βΌ
π Read
via "National Vulnerability Database".
The Contact Form DB WordPress plugin before 1.8.0 does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scriptingπ Read
via "National Vulnerability Database".
βΌ CVE-2022-36007 βΌ
π Read
via "National Vulnerability Database".
Venice is a Clojure inspired sandboxed Lisp dialect with excellent Java interoperability. A partial path traversal issue exists within the functions `load-file` and `load-resource`. These functions can be limited to load files from a list of load paths. Assuming Venice has been configured with the load paths: `[ "/Users/foo/resources" ]` When passing **relative** paths to these two vulnerable functions everything is fine: `(load-resource "test.png")` => loads the file "/Users/foo/resources/test.png" `(load-resource "../resources-alt/test.png")` => rejected, outside the load path When passing **absolute** paths to these two vulnerable functions Venice may return files outside the configured load paths: `(load-resource "/Users/foo/resources/test.png")` => loads the file "/Users/foo/resources/test.png" `(load-resource "/Users/foo/resources-alt/test.png")` => loads the file "/Users/foo/resources-alt/test.png" !!! The latter call suffers from the _Partial Path Traversal_ vulnerability. This issueΓ’β¬β’s scope is limited to absolute paths whose name prefix matches a load path. E.g. for a load-path `"/Users/foo/resources"`, the actor can cause loading a resource also from `"/Users/foo/resources-alt"`, but not from `"/Users/foo/images"`. Versions of Venice before and including v1.10.17 are affected by this issue. Upgrade to Venice >= 1.10.18, if you are on a version < 1.10.18. There are currently no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35954 βΌ
π Read
via "National Vulnerability Database".
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The `core.exportVariable` function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values to the `GITHUB_ENV` file may cause the path or other environment variables to be modified without the intention of the workflow or action author. Users should upgrade to `@actions/core v1.9.1`. If you are unable to upgrade the `@actions/core` package, you can modify your action to ensure that any user input does not contain the delimiter `_GitHubActionsFileCommandDelimeter_` before calling `core.exportVariable`.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2381 βΌ
π Read
via "National Vulnerability Database".
The E Unlocked - Student Result WordPress plugin through 1.0.4 is lacking CSRF and validation when uploading the School logo, which could allow attackers to make a logged in admin upload arbitrary files, such as PHP via a CSRF attackπ Read
via "National Vulnerability Database".