βΌ CVE-2022-36417 βΌ
π Read
via "National Vulnerability Database".
Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in 3D Tag Cloud plugin <= 3.8 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38470 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.π Read
via "National Vulnerability Database".
βοΈ Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S. βοΈ
π Read
via "Krebs on Security".
A 36-year-old Russian man recently identified by KrebsOnSecurity as the likely proprietor of the massive RSOCKS botnet has been arrested in Bulgaria at the request of U.S. authorities. At a court hearing in Bulgaria this month, the accused hacker requested and was granted extradition to the United States, reportedly telling the judge, "America is looking for me because I have enormous information and they need it."π Read
via "Krebs on Security".
Krebs on Security
Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.
A 36-year-old Russian man recently identified by KrebsOnSecurity as the likely proprietor of the massive RSOCKS botnet has been arrested in Bulgaria at the request of U.S. authorities. At a court hearing in Bulgaria this month, the accused hacker requestedβ¦
βΌ CVE-2022-36340 βΌ
π Read
via "National Vulnerability Database".
Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOptin plugin <= 1.2.49.0 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40103 βΌ
π Read
via "National Vulnerability Database".
Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formSetAutoPing function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35893 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35247 βΌ
π Read
via "National Vulnerability Database".
A information disclosure vulnerability exists in Rocket.chat <v5, <v4.8.2 and <v4.7.5 where the lack of ACL checks in the getRoomRoles Meteor method leak channel members with special roles to unauthorized clients.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35098 βΌ
π Read
via "National Vulnerability Database".
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via GfxICCBasedColorSpace::getDefaultColor(GfxColor*) at /xpdf/GfxState.cc.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32817 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32820 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35250 βΌ
π Read
via "National Vulnerability Database".
A privilege escalation vulnerability exists in Rocket.chat <v5 which made it possible to elevate privileges for any authenticated user to view Direct messages without appropriate permissions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36338 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then generate a software SMI.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32842 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. An app may be able to gain elevated privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35094 βΌ
π Read
via "National Vulnerability Database".
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35096 βΌ
π Read
via "National Vulnerability Database".
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via draw_stroke at /gfxpoly/stroke.c.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35721 βΌ
π Read
via "National Vulnerability Database".
IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231380.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32219 βΌ
π Read
via "National Vulnerability Database".
An information disclosure vulnerability exists in Rocket.Chat <v4.7.5 which allowed the "users.list" REST endpoint gets a query parameter from JSON and runs Users.find(queryFromClientSide). This means virtually any authenticated user can access any data (except password hashes) of any user authenticated.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32783 βΌ
π Read
via "National Vulnerability Database".
A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An app may gain unauthorized access to Bluetooth.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40629 βΌ
π Read
via "National Vulnerability Database".
This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to insecure design in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted device. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to view sensitive information on the targeted device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35249 βΌ
π Read
via "National Vulnerability Database".
A information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22423 βΌ
π Read
via "National Vulnerability Database".
IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769) could allow a local user to cause a denial of service due to improper input validation. IBM X-Force ID: 223596.π Read
via "National Vulnerability Database".