‼ CVE-2020-35525 ‼
📖 Read
via "National Vulnerability Database".
In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2996 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35535 ‼
📖 Read
via "National Vulnerability Database".
In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when processing srf files.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3061 ‼
📖 Read
via "National Vulnerability Database".
Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45027 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 5.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35529 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39009 ‼
📖 Read
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35527 ‼
📖 Read
via "National Vulnerability Database".
In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34379 ‼
📖 Read
via "National Vulnerability Database".
Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A remote attacker, with the knowledge of the active directory usernames, could potentially exploit this vulnerability to gain unauthorized access to the system.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30614 ‼
📖 Read
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35528 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-29823 ‼
📖 Read
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36773 ‼
📖 Read
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571.📖 Read
via "National Vulnerability Database".
🕴 Threat Actor Phishing PyPI Users Identified 🕴
📖 Read
via "Dark Reading".
"JuiceLedger" has escalated a campaign to distribute its information stealer by now going after developers who published code on the widely used Python code repository.📖 Read
via "Dark Reading".
Dark Reading
Threat Actor Phishing PyPI Users Identified
"JuiceLedger" has escalated a campaign to distribute its information stealer by now going after developers who published code on the widely used Python code repository.
🕴 Neopets Hackers Had Network Access for 18 Months 🕴
📖 Read
via "Dark Reading".
Neopets has confirmed that its IT systems were compromised from January 2021 through July 2022, exposing 69 million user accounts and source code.📖 Read
via "Dark Reading".
Dark Reading
Neopets Hackers Had Network Access for 18 Months
Neopets has confirmed that its IT systems were compromised from January 2021 through July 2022, exposing 69 million user accounts and source code.
‼ CVE-2022-2738 ‼
📖 Read
via "National Vulnerability Database".
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38127 ‼
📖 Read
via "National Vulnerability Database".
A NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c may lead to program crash when parsing corrupt DWARF data.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2320 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1902 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36602 ‼
📖 Read
via "National Vulnerability Database".
InnoSilicon A10 a10_20200924_120556 was discovered to contain a remote code execution (RCE) vulnerability in the setPlatformAPI function.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1677 ‼
📖 Read
via "National Vulnerability Database".
In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control.📖 Read
via "National Vulnerability Database".
👍1