‼ CVE-2022-2869 ‼
📖 Read
via "National Vulnerability Database".
libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.📖 Read
via "National Vulnerability Database".
🕴 Google Cloud Adds Curated Detection to Chronicle 🕴
📖 Read
via "Dark Reading".
The curated detection feature for Chronicle SecOps Suite provides security teams with actionable insights on cloud threats and Windows-based attacks from Google Cloud Threat Intelligence Team.📖 Read
via "Dark Reading".
Dark Reading
Google Cloud Adds Curated Detection to Chronicle
The curated detection feature for Chronicle SecOps Suite provides security teams with actionable insights on cloud threats and Windows-based attacks from Google Cloud Threat Intelligence Team.
‼ CVE-2022-35198 ‼
📖 Read
via "National Vulnerability Database".
Contract Management System v2.0 contains a weak default password which gives attackers to access database connection information.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-33311 ‼
📖 Read
via "National Vulnerability Database".
Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2876 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in SourceCodester Student Management System. Affected is an unknown function of the file index.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-206634 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35154 ‼
📖 Read
via "National Vulnerability Database".
Shopro Mall System v1.3.8 was discovered to contain a SQL injection vulnerability via the value parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29891 ‼
📖 Read
via "National Vulnerability Database".
Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35166 ‼
📖 Read
via "National Vulnerability Database".
libjpeg commit 842c7ba was discovered to contain an infinite loop via the component JPEG::ReadInternal.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32583 ‼
📖 Read
via "National Vulnerability Database".
Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30070 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk [] parameter in the update request being transmitted to the operating system's package manager.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32283 ‼
📖 Read
via "National Vulnerability Database".
Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35153 ‼
📖 Read
via "National Vulnerability Database".
FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30604 ‼
📖 Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25986 ‼
📖 Read
via "National Vulnerability Database".
Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28715 ‼
📖 Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32453 ‼
📖 Read
via "National Vulnerability Database".
HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30693 ‼
📖 Read
via "National Vulnerability Database".
Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29487 ‼
📖 Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35164 ‼
📖 Read
via "National Vulnerability Database".
LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35173 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32544 ‼
📖 Read
via "National Vulnerability Database".
Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors.📖 Read
via "National Vulnerability Database".