🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-38665 ‼

Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-36341 ‼

Authenticated (subscriber+) plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability in Akash Soni's AS – Create Pinterest Pinboard Pages plugin <= 1.0 at WordPress.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-37112 ‼

BlueCMS 1.6 has SQL injection in line 55 of admin/model.php.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-37111 ‼

BlueCMS 1.6 has SQL injection in line 132 of admin/article.php.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-38172 ‼

ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-1513 ‼

A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-35115 ‼

IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-38463 ‼

ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-38132 ‼

Command injection vulnerability in the Linksys MR8300 router during registration with the DDNS service. By specifying a username and password, an attacker connected to the router's web interface can execute arbitrary OS commands. The username and password fields are not sanitized correctly and are used as URL construction arguments, allowing URL redirection to an arbitrary server, downloading an arbitrary script file, and eventually executing the file on the device. This issue affects: Linksys MR8300 Router 1.0.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-36945 ‼

The Remote Keyless Entry (RKE) receiving unit on certain Mazda vehicles through 2020 allows remote attackers to perform unlock operations and force a resynchronization after capturing three consecutive valid key-fob signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-25903 ‼

The package opcua from 0.0.0 is vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects: it allows unlimited nesting levels, which can result in a stack overflow even if the message size is less than the maximum allowed.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-24375 ‼

The package node-opcua before 2.74.0 is vulnerable to Denial of Service (DoS): the limits on excessive memory consumption can be bypassed by sending multiple CloseSession requests with the deleteSubscription parameter set to False.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-38089 ‼

Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-37333 ‼

SQL injection vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows remote authenticated attackers to execute arbitrary SQL commands.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-37305 ‼

The Remote Keyless Entry (RKE) receiving unit on certain Honda vehicles through 2018 allows remote attackers to perform unlock operations and force a resynchronization after capturing five consecutive valid RKE signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-38080 ‼

Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-37418 ‼

The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key-fob signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-38078 ‼

Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and versions are as follows: Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier. Note that all versions of Movable Type 4.0 or later, including unsupported (End-of-Life, EOL) versions, are also affected by this vulnerability.

📖 Read

via "National Vulnerability Database".
๐Ÿ—“๏ธ Stop, press: Fragmented vendor ecosystem leaves media industry increasingly vulnerable to software supply chain threats ๐Ÿ—“๏ธ

New study highlights the myriad cyber defense challenges faced by media companies in 2022

๐Ÿ“– Read

via "The Daily Swig".
๐Ÿ‘1
🛠 MIMEDefang Email Scanner 3.1 🛠

MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. It includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.

📖 Read

via "Packet Storm Security".
‼ CVE-2022-36633 ‼

Teleport 9.3.6 is vulnerable to command injection leading to Remote Code Execution. An attacker can craft a malicious SSH agent installation link by URL-encoding a bash escape with a carriage return line feed. This URL-encoded payload can be used in place of a token and sent to a user in a social engineering attack. This is a fully unauthenticated attack utilizing the trusted Teleport server to deliver the payload.

📖 Read

via "National Vulnerability Database".