‼ CVE-2022-36216 ‼
📖 Read
via "National Vulnerability Database".
DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35147 ‼
📖 Read
via "National Vulnerability Database".
DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2335 ‼
📖 Read
via "National Vulnerability Database".
A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23765 ‼
📖 Read
via "National Vulnerability Database".
This vulnerability occured by sending a malicious POST request to a specific page while logged in random user from some family of IPTIME NAS. Remote attackers can steal root privileges by changing the password of the root through a POST request.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35121 ‼
📖 Read
via "National Vulnerability Database".
Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /service/impl/BookServiceImpl.java.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35516 ‼
📖 Read
via "National Vulnerability Database".
DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2338 ‼
📖 Read
via "National Vulnerability Database".
Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server.📖 Read
via "National Vulnerability Database".
⚠ Apple patches double zero-day in browser and kernel – update now! ⚠
📖 Read
via "Naked Security".
Double 0-day exploits - one in WebKit (to break in) and the other in the kernel (to take over). Patch now!📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News
‼ CVE-2022-35151 ‼
📖 Read
via "National Vulnerability Database".
kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28751 ‼
📖 Read
via "National Vulnerability Database".
The Zoom Client for Meetings for MacOS (Standard and for IT Admin) before version 5.11.3 contains a vulnerability in the package signature validation during the update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2868 ‼
📖 Read
via "National Vulnerability Database".
libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2867 ‼
📖 Read
via "National Vulnerability Database".
libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28752 ‼
📖 Read
via "National Vulnerability Database".
Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. A local low-privileged malicious user could exploit this vulnerability to escalate their privileges to the SYSTEM user.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2022-2869 ‼
📖 Read
via "National Vulnerability Database".
libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.📖 Read
via "National Vulnerability Database".
🕴 Google Cloud Adds Curated Detection to Chronicle 🕴
📖 Read
via "Dark Reading".
The curated detection feature for Chronicle SecOps Suite provides security teams with actionable insights on cloud threats and Windows-based attacks from Google Cloud Threat Intelligence Team.📖 Read
via "Dark Reading".
Dark Reading
Google Cloud Adds Curated Detection to Chronicle
The curated detection feature for Chronicle SecOps Suite provides security teams with actionable insights on cloud threats and Windows-based attacks from Google Cloud Threat Intelligence Team.
‼ CVE-2022-35198 ‼
📖 Read
via "National Vulnerability Database".
Contract Management System v2.0 contains a weak default password which gives attackers to access database connection information.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-33311 ‼
📖 Read
via "National Vulnerability Database".
Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2876 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in SourceCodester Student Management System. Affected is an unknown function of the file index.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-206634 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35154 ‼
📖 Read
via "National Vulnerability Database".
Shopro Mall System v1.3.8 was discovered to contain a SQL injection vulnerability via the value parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29891 ‼
📖 Read
via "National Vulnerability Database".
Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35166 ‼
📖 Read
via "National Vulnerability Database".
libjpeg commit 842c7ba was discovered to contain an infinite loop via the component JPEG::ReadInternal.📖 Read
via "National Vulnerability Database".