‼ CVE-2022-23764 ‼
📖 Read
via "National Vulnerability Database".
The vulnerability causing from insufficient verification procedures for downloaded files during WebCube update. Remote attackers can bypass this verification logic to update both digitally signed and unauthorized files, enabling remote code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1069 ‼
📖 Read
via "National Vulnerability Database".
A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23747 ‼
📖 Read
via "National Vulnerability Database".
In Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validation of the number of frames being passed during music playback.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26639 ‼
📖 Read
via "National Vulnerability Database".
This vulnerability is caused by the lack of validation of input values for specific functions if WISA Smart Wing CMS. Remote attackers can use this vulnerability to leak all files in the server without logging in system.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2334 ‼
📖 Read
via "National Vulnerability Database".
The application searches for a library dll that is not found. If an attacker can place a dll with this name, then the attacker can leverage it to execute arbitrary code on the targeted Softing Secure Integration Server V1.22.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-14394 ‼
📖 Read
via "National Vulnerability Database".
An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36215 ‼
📖 Read
via "National Vulnerability Database".
DedeBIZ v6 was discovered to contain a remote code execution vulnerability in sys_info.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36216 ‼
📖 Read
via "National Vulnerability Database".
DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35147 ‼
📖 Read
via "National Vulnerability Database".
DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2335 ‼
📖 Read
via "National Vulnerability Database".
A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23765 ‼
📖 Read
via "National Vulnerability Database".
This vulnerability occured by sending a malicious POST request to a specific page while logged in random user from some family of IPTIME NAS. Remote attackers can steal root privileges by changing the password of the root through a POST request.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35121 ‼
📖 Read
via "National Vulnerability Database".
Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /service/impl/BookServiceImpl.java.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35516 ‼
📖 Read
via "National Vulnerability Database".
DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2338 ‼
📖 Read
via "National Vulnerability Database".
Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server.📖 Read
via "National Vulnerability Database".
⚠ Apple patches double zero-day in browser and kernel – update now! ⚠
📖 Read
via "Naked Security".
Double 0-day exploits - one in WebKit (to break in) and the other in the kernel (to take over). Patch now!📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News
‼ CVE-2022-35151 ‼
📖 Read
via "National Vulnerability Database".
kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28751 ‼
📖 Read
via "National Vulnerability Database".
The Zoom Client for Meetings for MacOS (Standard and for IT Admin) before version 5.11.3 contains a vulnerability in the package signature validation during the update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2868 ‼
📖 Read
via "National Vulnerability Database".
libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2867 ‼
📖 Read
via "National Vulnerability Database".
libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28752 ‼
📖 Read
via "National Vulnerability Database".
Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. A local low-privileged malicious user could exploit this vulnerability to escalate their privileges to the SYSTEM user.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2022-2869 ‼
📖 Read
via "National Vulnerability Database".
libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.📖 Read
via "National Vulnerability Database".