‼ CVE-2022-1798 ‼
via "National Vulnerability Database".
A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure KubeVirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.
‼ CVE-2022-40640 ‼
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17308.
‼ CVE-2022-40650 ‼
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17838.
‼ CVE-2022-40648 ‼
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17563.
‼ CVE-2022-38325 ‼
via "National Vulnerability Database".
Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the filePath parameter at /goform/expandDlnaFile.
‼ CVE-2022-38814 ‼
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the auth_settings component of FiberHome AN5506-02-B vRP2521 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sncfg_loid text field.
‼ CVE-2022-38334 ‼
via "National Vulnerability Database".
XPDF v4.04 was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc.
‼ CVE-2022-38326 ‼
via "National Vulnerability Database".
Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the page parameter at /goform/NatStaticSetting.
S3 Ep100: Browser-in-the-Browser - how to spot an attack [Audio + Text]
via "Naked Security".
Latest episode - listen now! Cosmic rockets, zero-days, spotting cybercrooks, and unlocking the DEADBOLT...
‼ CVE-2022-27561 ‼
via "National Vulnerability Database".
There is a reflected Cross-Site Scripting vulnerability in the HCL Traveler web admin (LotusTraveler.nsf).
‼ CVE-2022-36074 ‼
via "National Vulnerability Database".
Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposure which fails to strip the Authorization header on HTTP downgrade. This can lead to account access exposure and compromise. It is recommended that the Nextcloud Server is upgraded to 23.0.7 or 24.0.3. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.11, 23.0.7 or 24.0.3. There are no known workarounds for this issue.
‼ CVE-2022-36075 ‼
via "National Vulnerability Database".
Nextcloud files access control is a Nextcloud app to manage access control for files. Users with limited access can see file names in certain cases where they do not have privilege to do so. This issue has been addressed and it is recommended that the Nextcloud Files Access Control app is upgraded to 1.12.2, 1.13.1 or 1.14.1. There are no known workarounds for this issue.
‼ CVE-2022-39215 ‼
via "National Vulnerability Database".
Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction folder inside an allowed path of the `fs` scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined `scope`. Users are advised to upgrade. Users unable to upgrade should disable the `readDir` endpoint in the `allowlist` inside the `tauri.conf.json`.
‼ CVE-2022-29240 ‼
via "National Vulnerability Database".
Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing a CQL frame received from a user, Scylla assumes that the user-provided uncompressed length is correct. If the user provides a fake length that is greater than the real one, part of the decompression buffer won't be overwritten and will be left uninitialized. This can be exploited in several ways, depending on the privileges of the user. 1. The main exploit is that an attacker with access to the CQL port, but no user account, can bypass authentication, but only if there are other legitimate clients making connections to the cluster, and they use LZ4. 2. An attacker that already has a user account on the cluster can read parts of uninitialized memory, which can contain things like passwords of other users or fragments of other queries / results, which leads to authorization bypass and sensitive information disclosure. The bug has been patched in the following versions: Scylla Enterprise: 2020.1.14, 2021.1.12, 2022.1.0. Scylla Open Source: 4.6.7, 5.0.3. Users unable to upgrade should make sure none of their drivers connect to the cluster using LZ4 compression, and that the Scylla CQL port is behind a firewall. Additionally, make sure no untrusted client can connect to Scylla, by setting up authentication and applying the workarounds from the previous point (firewall, no lz4 compression).
‼ CVE-2022-39213 ‼
via "National Vulnerability Database".
go-cvss is a Go module to manipulate Common Vulnerability Scoring System (CVSS). In affected versions when a full CVSS v2.0 vector string is parsed using `ParseVector`, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic. The problem is patched in tag `v0.4.0`, by the commit `d9d478ff0c13b8b09ace030db9262f3c2fe031f4`. Users are advised to upgrade. Users unable to upgrade may avoid this issue by parsing only CVSS v2.0 vector strings that do not have all attributes defined (e.g. `AV:N/AC:L/Au:N/C:P/I:P/A:C/E:U/RL:OF/RC:C/CDP:MH/TD:H/CR:M/IR:M/AR:M`). As stated in [SECURITY.md](https://github.com/pandatix/go-cvss/blob/master/SECURITY.md), the CPE v2.3 to refer to this Go module is `cpe:2.3:a:pandatix:go_cvss:*:*:*:*:*:*:*:*`. The entry has already been requested to the NVD CPE dictionary.
‼ CVE-2022-22091 ‼
via "National Vulnerability Database".
Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables.
‼ CVE-2022-2351 ‼
via "National Vulnerability Database".
The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not escape some of its settings before outputting them in the admin dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is disallowed.
‼ CVE-2022-2798 ‼
via "National Vulnerability Database".
The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as an affiliate to perform CSV injection attacks against an admin exporting the data.
‼ CVE-2022-25708 ‼
via "National Vulnerability Database".
Memory corruption in WLAN due to buffer copy without checking size of input while parsing keys in Snapdragon Connectivity, Snapdragon Mobile.
‼ CVE-2022-2863 ‼
via "National Vulnerability Database".
The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack.
‼ CVE-2022-2737 ‼
via "National Vulnerability Database".
The WP STAGING WordPress plugin before 2.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).