‼ CVE-2022-36505 ‼
📖 Read
via "National Vulnerability Database".
H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EDitusergroup.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37069 ‼
📖 Read
via "National Vulnerability Database".
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateSnat.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36516 ‼
📖 Read
via "National Vulnerability Database".
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function ap_version_check.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36501 ‼
📖 Read
via "National Vulnerability Database".
H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateSnat.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37820 ‼
📖 Read
via "National Vulnerability Database".
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the ddnsEn parameter in the function formSetSysToolDDNS.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36458 ‼
📖 Read
via "National Vulnerability Database".
TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg.📖 Read
via "National Vulnerability Database".
🕴 ReasonLabs Launches Free Online Security Tool to Power Secure Web Experience for Millions of Global Users 🕴
📖 Read
via "Dark Reading".
Online Security autonomously blocks malicious URLs, extensions, ad trackers, and pop-ups 24/7, protecting consumers from complex and rapidly evolving cyber threats online.📖 Read
via "Dark Reading".
Dark Reading
ReasonLabs Launches Free Online Security Tool to Power Secure Web Experience for Millions of Global Users
Online Security autonomously blocks malicious URLs, extensions, ad trackers, and pop-ups 24/7, protecting consumers from complex and rapidly evolving cyber threats online.
‼ CVE-2022-37161 ‼
📖 Read
via "National Vulnerability Database".
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37238 ‼
📖 Read
via "National Vulnerability Database".
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37159 ‼
📖 Read
via "National Vulnerability Database".
Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37160 ‼
📖 Read
via "National Vulnerability Database".
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with administrative rights by opening an SVG file as an administrator user.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37162 ‼
📖 Read
via "National Vulnerability Database".
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain javascript code execution by adding arbitrary javascript code in the 'Location' field of a calendar event.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37158 ‼
📖 Read
via "National Vulnerability Database".
RuoYi v3.8.3 has a Weak password vulnerability in the management system.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37292 ‼
📖 Read
via "National Vulnerability Database".
Tenda AX12 V22.03.01.21_CN is vulnerable to Buffer Overflow. This overflow is triggered in the sub_42FDE4 function, which satisfies the request of the upper-level interface function sub_430124, that is, handles the post request under /goform/SetIpMacBind.📖 Read
via "National Vulnerability Database".
❌ Cybercriminals Are Selling Access to Chinese Surveillance Cameras ❌
📖 Read
via "Threat Post".
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.📖 Read
via "Threat Post".
Threat Post
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
🕴 Twilio Hackers Scarf 10K Okta Credentials in Sprawling Supply Chain Attack 🕴
📖 Read
via "Dark Reading".
The "0ktapus" cyberattackers set up a well-planned spear-phishing effort that affected at least 130 orgs beyond Twilio and Cloudflare, including Digital Ocean and Mailchimp.📖 Read
via "Dark Reading".
Dark Reading
Twilio Hackers Scarf 10K Okta Credentials in Sprawling Supply Chain Attack
The "0ktapus" cyberattackers set up a well-planned spear-phishing effort that affected at least 130 orgs beyond Twilio and Cloudflare, including Digital Ocean, DoorDash and Mailchimp.
‼ CVE-2022-2991 ‼
📖 Read
via "National Vulnerability Database".
A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42521 ‼
📖 Read
via "National Vulnerability Database".
There is a NULL pointer dereference vulnerability in VTK, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', and try to dereference it. It is unsafe as the return value can be NULL and that NULL pointer dereference may crash the application.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2959 ‼
📖 Read
via "National Vulnerability Database".
A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32745 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2255 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.📖 Read
via "National Vulnerability Database".