‼ CVE-2022-31222 ‼
📖 Read
via "National Vulnerability Database".
Dell BIOS versions contain a Missing Release of Resource after Effective Lifetime vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by consuming excess memory in order to cause the application to crash.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31226 ‼
📖 Read
via "National Vulnerability Database".
Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the system.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31225 ‼
📖 Read
via "National Vulnerability Database".
Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1700 ‼
📖 Read
via "National Vulnerability Database".
Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20, 2022. The XML parser in the Policy Engine was found to be improperly configured to support external entities and external DTD (Document Type Definitions), which can lead to an XXE attack. This issue affects: Forcepoint Data Loss Prevention (DLP) versions prior to 8.8.2. Forcepoint One Endpoint (F1E) with Policy Engine versions prior to 8.8.2. Forcepoint Web Security Content Gateway versions prior to 8.5.5. Forcepoint Email Security with DLP enabled versions prior to 8.5.5. Forcepoint Cloud Security Gateway prior to June 20, 2022.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37860 ‼
📖 Read
via "National Vulnerability Database".
The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability.📖 Read
via "National Vulnerability Database".
âš Apple patches a zero-day hole – even in the brand new iOS 16 âš
📖 Read
via "Naked Security".
Five updates, one upgrade, plus a zero-day. Patch your Macs, iPhones and iPads as soon as you can (again)...📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News
‼ CVE-2021-44426 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected remotely with AnyDesk to the same remote machine. The upload is done without any approval or action taken by the victim.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38605 ‼
📖 Read
via "National Vulnerability Database".
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_event.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38295 ‼
📖 Read
via "National Vulnerability Database".
Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-39200 ‼
📖 Read
via "National Vulnerability Database".
Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the `/get_missing_events` path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this endpoint. Note that this does not apply to events retrieved through other endpoints (e.g. `/event`, `/state`) as they have been correctly verified. Homeservers that have federation disabled are not vulnerable. The problem has been fixed in Dendrite 0.9.8. Users are advised to upgrade. There are no known workarounds for this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38606 ‼
📖 Read
via "National Vulnerability Database".
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editcategory.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36102 ‼
📖 Read
via "National Vulnerability Database".
Shopware is an open source e-commerce software. In affected versions if backend admin controllers are called with a certain notation, the ACL could be bypassed. Users could execute actions, which they are normally not able to do. Users are advised to update to the current version (5.7.15). Users can get the update via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38135 ‼
📖 Read
via "National Vulnerability Database".
Broken Access Control vulnerability in Dean Oakley's Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36173 ‼
📖 Read
via "National Vulnerability Database".
FreshService macOS Agent < 4.4.0 and FreshServce Linux Agent < 3.4.0 are vulnerable to TLS Man-in-The-Middle via the FreshAgent client and scheduled update service.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29490 ‼
📖 Read
via "National Vulnerability Database".
Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of the authenticated user's role. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36174 ‼
📖 Read
via "National Vulnerability Database".
FreshService Windows Agent < 2.11.0 and FreshService macOS Agent < 4.2.0 and FreshService Linux Agent < 3.3.0. are vulnerable to Broken integrity checking via the FreshAgent client and scheduled update service.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38610 ‼
📖 Read
via "National Vulnerability Database".
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editclient.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44425 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. An unnecessarily open listening port on a machine in the LAN of an attacker, opened by the Anydesk Windows client when using the tunneling feature, allows the attacker unauthorized access to the local machine's AnyDesk tunneling protocol stack (and also to any remote destination machine software that is listening to the AnyDesk tunneled port).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2979 ‼
📖 Read
via "National Vulnerability Database".
Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36101 ‼
📖 Read
via "National Vulnerability Database".
Shopware is an open source e-commerce software. In affected versions the request for the customer detail view in the backend administration contained sensitive data like the hashed password and the session ID. These fields are now explicitly unset in version 5.7.15. Users are advised to update and may get the update either via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38291 ‼
📖 Read
via "National Vulnerability Database".
SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar.📖 Read
via "National Vulnerability Database".