βΌ CVE-2022-36798 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Topdigitaltrends Mega Addons For WPBakery Page Builder plugin <= 4.2.7 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38061 βΌ
π Read
via "National Vulnerability Database".
Authenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35257 βΌ
π Read
via "National Vulnerability Database".
A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35253 βΌ
π Read
via "National Vulnerability Database".
A vulnerability exists in Hyperledger Fabric <2.4 could allow an attacker to construct a non-validated request that could cause a denial of service attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35238 βΌ
π Read
via "National Vulnerability Database".
Unauthenticated Plugin Settings Change vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2937 βΌ
π Read
via "National Vulnerability Database".
The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3257 βΌ
π Read
via "National Vulnerability Database".
Mattermost version 7.1.x and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30121 βΌ
π Read
via "National Vulnerability Database".
The Γ’β¬ΕLANDesk(R) Management AgentΓ’β¬οΏ½ service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited user to get escalated admin privileges on their system.π Read
via "National Vulnerability Database".
ποΈ Netlify vulnerable to XSS, SSRF attacks via cache poisoning ποΈ
π Read
via "The Daily Swig".
Issue has since been fixedπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Netlify vulnerable to XSS, SSRF attacks via cache poisoning
Issue has since been fixed
π Friday Five 9/23 π
π Read
via "".
Experts are growing worried that the next cyber attack could come from an unlikely source, like an open source component or even your web browserβs spell checker. Read about this news and more in this weekβs Friday Five!
π Read
via "".
βΌ CVE-2022-2970 βΌ
π Read
via "National Vulnerability Database".
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40215 βΌ
π Read
via "National Vulnerability Database".
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in Tabs plugin <= 3.7.1 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2972 βΌ
π Read
via "National Vulnerability Database".
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device or remotely execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40194 βΌ
π Read
via "National Vulnerability Database".
Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPressπ Read
via "National Vulnerability Database".
βΌ CVE-2022-2025 βΌ
π Read
via "National Vulnerability Database".
an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to execute a shell with full access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40188 βΌ
π Read
via "National Vulnerability Database".
Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38742 βΌ
π Read
via "National Vulnerability Database".
Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40628 βΌ
π Read
via "National Vulnerability Database".
This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to improper control of code generation in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted device. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to execute arbitrary commands on the targeted device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2070 βΌ
π Read
via "National Vulnerability Database".
In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote IP:port by opening a shell and getting full access to the system. The exploit affects daemons dbmng and logsrv that are running on ports 8000 and 8001 by default.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3782 βΌ
π Read
via "National Vulnerability Database".
An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing, a use-after-free can be constructed on the wl_shm_pool tracking structure, where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2971 βΌ
π Read
via "National Vulnerability Database".
MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) accesses a resource using an incompatible type, which could allow an attacker to crash the server with a malicious payload.π Read
via "National Vulnerability Database".