‼ CVE-2022-28637 ‼
📖 Read
via "National Vulnerability Database".
A local Denial of Service (DoS) and local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses these security vulnerabilities.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37395 ‼
📖 Read
via "National Vulnerability Database".
A Huawei device has an input verification vulnerability. Successful exploitation of this vulnerability may lead to DoS attacks.Affected product versions include:CV81-WDM FW versions 01.70.49.29.46.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35957 ‼
📖 Read
via "National Vulnerability Database".
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All installations should be upgraded as soon as possible. As a workaround deactivate auth proxy following the instructions at: https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth-proxy/📖 Read
via "National Vulnerability Database".
‼ CVE-2022-39220 ‼
📖 Read
via "National Vulnerability Database".
SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are subject to Cross-site scripting (XSS) vulnerabilities in the SFTPGo WebClient, allowing remote attackers to inject malicious code. This issue is patched in version 2.3.5. No known workarounds exist.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35089 ‼
📖 Read
via "National Vulnerability Database".
SWFTools commit 772e55a2 was discovered to contain a heap-buffer-overflow via getTransparentColor at /home/bupt/Desktop/swftools/src/gif2swf.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35085 ‼
📖 Read
via "National Vulnerability Database".
SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35090 ‼
📖 Read
via "National Vulnerability Database".
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via __asan_memcpy at /asan/asan_interceptors_memintrinsics.cpp:.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35086 ‼
📖 Read
via "National Vulnerability Database".
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-39221 ‼
📖 Read
via "National Vulnerability Database".
McWebserver mod runs a simple HTTP server alongside the Minecraft server in seperate threads. Path traversal in McWebserver Minecraft Mod for Fabric and Quilt up to and including 0.1.2.1 and McWebserver Minecraft Mod for Forge up to and including 0.1.1 allows all files, accessible by the program, to be read by anyone via HTTP request. Version 0.2.0 with patches are released to both platforms (Fabric and Quilt, Forge). As a workaround, the McWebserver mod can be disabled by removing the file from the `mods` directory.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35088 ‼
📖 Read
via "National Vulnerability Database".
SWFTools commit 772e55a2 was discovered to contain a heap buffer-overflow via getGifDelayTime at /home/bupt/Desktop/swftools/src/src/gif2swf.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38619 ‼
📖 Read
via "National Vulnerability Database".
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /SVFE2/pages/feegroups/mcc_group.jsf.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35087 ‼
📖 Read
via "National Vulnerability Database".
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via MovieAddFrame at /src/gif2swf.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41222 ‼
📖 Read
via "National Vulnerability Database".
mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40604 ‼
📖 Read
via "National Vulnerability Database".
In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41218 ‼
📖 Read
via "National Vulnerability Database".
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2315 ‼
📖 Read
via "National Vulnerability Database".
Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41220 ‼
📖 Read
via "National Vulnerability Database".
** DISPUTED ** md2roff 1.9 has a stack-based buffer overflow via a Markdown file, a different vulnerability than CVE-2022-34913. NOTE: the vendor's position is that the product is not intended for untrusted input.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-40754 ‼
📖 Read
via "National Vulnerability Database".
In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0495 ‼
📖 Read
via "National Vulnerability Database".
The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01.📖 Read
via "National Vulnerability Database".
🗓️ Prototype pollution bug in Chromium bypassed Sanitizer API 🗓️
📖 Read
via "The Daily Swig".
Issue highlights the challenges of preventing client-side attacks📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Prototype pollution bug in Chromium bypassed Sanitizer API
Issue highlights the challenges of preventing client-side attacks
‼ CVE-2022-38177 ‼
📖 Read
via "National Vulnerability Database".
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.📖 Read
via "National Vulnerability Database".