‼ CVE-2022-37223 ‼
📖 Read
via "National Vulnerability Database".
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35278 ‼
📖 Read
via "National Vulnerability Database".
In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.📖 Read
via "National Vulnerability Database".
🔏 FBI Warns Proxies, Configurations Seen in More Credential Stuffing Attacks 🔏
📖 Read
via "".
Attackers are using proxies and configurations to mask and automate credential stuffing attacks on US companies, the FBI warns.📖 Read
via "".
‼ CVE-2021-23177 ‼
📖 Read
via "National Vulnerability Database".
An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3763 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be allow access to the management console. The main impact is to confidentiality as this flaw means some role bindings are incorrectly checked, some privileged meta information such as queue names and configuration details are disclosed but the impact is limited as not all information is accessible and there is no affect to integrity.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3714 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20316 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3800 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3839 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28882 ‼
📖 Read
via "National Vulnerability Database".
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2946 ‼
📖 Read
via "National Vulnerability Database".
Use After Free in GitHub repository vim/vim prior to 9.0.0245.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34658 ‼
📖 Read
via "National Vulnerability Database".
Multiple Authenticated (contributor+) Persistent Cross-Site Scripting (XSS) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35235 ‼
📖 Read
via "National Vulnerability Database".
Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35726 ‼
📖 Read
via "National Vulnerability Database".
Broken Authentication vulnerability in yotuwp Video Gallery plugin <= 1.3.4.5 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29476 ‼
📖 Read
via "National Vulnerability Database".
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 8 Degree Themes otification Bar for WordPress plugin <= 1.1.8 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36285 ‼
📖 Read
via "National Vulnerability Database".
Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3701 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-runner to write files as the legitimate user in a place they did not expect. The highest threat from this vulnerability is to confidentiality and integrity.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3724 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36288 ‼
📖 Read
via "National Vulnerability Database".
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34648 ‼
📖 Read
via "National Vulnerability Database".
Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3670 ‼
📖 Read
via "National Vulnerability Database".
MaxQueryDuration not honoured in Samba AD DC LDAP📖 Read
via "National Vulnerability Database".