🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-2787 ‼

Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session.

📖 Read

via "National Vulnerability Database".

535 views14:36

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-38791 ‼

In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.

📖 Read

via "National Vulnerability Database".

4.16K views22:31

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-38792 ‼

The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party.

📖 Read

via "National Vulnerability Database".

605 views22:31

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-38794 ‼

Zaver through 2020-12-15 allows directory traversal via the GET /.. substring.

📖 Read

via "National Vulnerability Database".

627 views22:31

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-3016 ‼

Use After Free in GitHub repository vim/vim prior to 9.0.0285.

📖 Read

via "National Vulnerability Database".

534 views14:32

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-36705 ‼

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /stocks/manage_waste.php.

📖 Read

via "National Vulnerability Database".

456 views00:33

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-36708 ‼

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /student/bookdetails.php.

📖 Read

via "National Vulnerability Database".

459 views00:33

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-36707 ‼

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /librarian/bookdetails.php.

📖 Read

via "National Vulnerability Database".

424 views00:33

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-36706 ‼

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /stocks/manage_stockout.php.

📖 Read

via "National Vulnerability Database".

377 views00:33

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-36704 ‼

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /librarian/studentdetails.php.

📖 Read

via "National Vulnerability Database".

356 views00:33

🛡 Cybersecurity & Privacy 🛡 - News

🕴 Microsoft 365 Empowers Business Users to Shoot Themselves in the Foot 🕴

Citizen development allows users to design creative solutions for immediate problems, but it requires training and oversight to avoid security holes.

📖 Read

via "Dark Reading".

Dark Reading

Edge Articles

👍1

330 views04:26

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-38511 ‼

TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi.

📖 Read

via "National Vulnerability Database".

👍1

288 views05:33

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-36573 ‼

A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit.

📖 Read

via "National Vulnerability Database".

255 views05:33

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-36615 ‼

TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

📖 Read

via "National Vulnerability Database".

236 views05:33

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-36613 ‼

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

📖 Read

via "National Vulnerability Database".

221 views05:33

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-36610 ‼

TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

📖 Read

via "National Vulnerability Database".

215 views05:33

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-38510 ‼

Tenda_TX9pro V22.03.02.10 was discovered to contain a buffer overflow via the component httpd/SetNetControlList.

📖 Read

via "National Vulnerability Database".

217 views05:33

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-36614 ‼

TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

📖 Read

via "National Vulnerability Database".

237 views05:33

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-36611 ‼

TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

📖 Read

via "National Vulnerability Database".

242 views05:33

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-34668 ‼

NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.

📖 Read

via "National Vulnerability Database".

287 views05:33

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-36616 ‼

TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

📖 Read

via "National Vulnerability Database".

373 views05:33

About

Blog

Apps

Platform