βΌ CVE-2022-35115 βΌ
π Read
via "National Vulnerability Database".
IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38463 βΌ
π Read
via "National Vulnerability Database".
ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38132 βΌ
π Read
via "National Vulnerability Database".
Command injection vulnerability in Linksys MR8300 router while Registration to DDNS Service. By specifying username and password, an attacker connected to the router's web interface can execute arbitrary OS commands. The username and password fields are not sanitized correctly and are used as URL construction arguments, allowing URL redirection to an arbitrary server, downloading an arbitrary script file, and eventually executing the file in the device. This issue affects: Linksys MR8300 Router 1.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36945 βΌ
π Read
via "National Vulnerability Database".
The Remote Keyless Entry (RKE) receiving unit on certain Mazda vehicles through 2020 allows remote attackers to perform unlock operations and force a resynchronization after capturing three consecutive valid key-fob signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25903 βΌ
π Read
via "National Vulnerability Database".
The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the maximum allowed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24375 βΌ
π Read
via "National Vulnerability Database".
The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38089 βΌ
π Read
via "National Vulnerability Database".
Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37333 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows remote authenticated attackers to execute arbitrary SQL commands.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37305 βΌ
π Read
via "National Vulnerability Database".
The Remote Keyless Entry (RKE) receiving unit on certain Honda vehicles through 2018 allows remote attackers to perform unlock operations and force a resynchronization after capturing five consecutive valid RKE signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38080 βΌ
π Read
via "National Vulnerability Database".
Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37418 βΌ
π Read
via "National Vulnerability Database".
The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38078 βΌ
π Read
via "National Vulnerability Database".
Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and versions are as follows: Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.π Read
via "National Vulnerability Database".
ποΈ Stop, press: Fragmented vendor ecosystem leaves media industry increasingly vulnerable to software supply chain threats ποΈ
π Read
via "The Daily Swig".
New study highlights the myriad cyber defense challenges faced by media companies in 2022π Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Stop, press: Fragmented vendor ecosystem leaves media industry increasingly vulnerable to software supply chain threats
New study highlights the myriad cyber defense challenges faced by media companies in 2022
π1
π MIMEDefang Email Scanner 3.1 π
π Read
via "Packet Storm Security".
MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.π Read
via "Packet Storm Security".
Packetstormsecurity
MIMEDefang Email Scanner 3.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2022-36633 βΌ
π Read
via "National Vulnerability Database".
Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social engineering attack. This is fully unauthenticated attack utilizing the trusted teleport server to deliver the payload.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33172 βΌ
π Read
via "National Vulnerability Database".
de.fac2 1.34 allows bypassing the User Presence protection mechanism when there is malware on the victim's PC.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37153 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password parameter in /fw.login.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27812 βΌ
π Read
via "National Vulnerability Database".
Flooding SNS firewall 3.7.0 to 3.7.26 with udp or icmp randomizing the source through an internal to internal or external to internal interfaces will lead the firewall to overwork. It will consume 100% CPU, 100 RAM and won't be available and can crash.π Read
via "National Vulnerability Database".
π1
β Twitter Whistleblower Complaint: The TL;DR Version β
π Read
via "Threat Post".
Twitter is blasted for security and privacy lapses by the companyβs former head of security who alleges the social media giantβs actions amount to a national security risk.π Read
via "Threat Post".
Threat Post
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the companyβs former head of security who alleges the social media giantβs actions amount to a national security risk.
βΌ CVE-2021-0887 βΌ
π Read
via "National Vulnerability Database".
In PVRSRVBridgeHeapCfgHeapConfigName, there is a possible leak of kernel heap content due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-236848817π Read
via "National Vulnerability Database".
βΌ CVE-2021-0891 βΌ
π Read
via "National Vulnerability Database".
An unprivileged app can trigger PowerVR driver to return an uninitialized heap memory causing information disclosure.Product: AndroidVersions: Android SoCAndroid ID: A-236849490π Read
via "National Vulnerability Database".