‼ CVE-2022-3197 ‼
via "National Vulnerability Database".
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
‼ CVE-2022-3039 ‼
via "National Vulnerability Database".
Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
‼ CVE-2022-3038 ‼
via "National Vulnerability Database".
Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
‼ CVE-2022-3071 ‼
via "National Vulnerability Database".
Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.
‼ CVE-2022-3052 ‼
via "National Vulnerability Database".
Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.
‼ CVE-2021-28052 ‼
via "National Vulnerability Database".
A tenant administrator of Hitachi Content Platform (HCP) may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user (non-administrator) may view configuration in another tenant without authorization. This issue affects: Hitachi Vantara Hitachi Content Platform versions prior to 8.3.7; 9.0.0 versions prior to 9.2.3.
‼ CVE-2022-2859 ‼
via "National Vulnerability Database".
Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions.
‼ CVE-2022-3199 ‼
via "National Vulnerability Database".
Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
‼ CVE-2022-40784 ‼
via "National Vulnerability Database".
Unlimited strcpy on user input when setting a locale file leads to stack buffer overflow in mIPC camera firmware 5.3.1.2003161406.
‼ CVE-2022-3075 ‼
via "National Vulnerability Database".
Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
‼ CVE-2022-40044 ‼
via "National Vulnerability Database".
Centreon v20.10.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. This vulnerability allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.
‼ CVE-2022-40043 ‼
via "National Vulnerability Database".
Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations.
‼ CVE-2022-3201 ‼
via "National Vulnerability Database".
Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page.
‼ CVE-2022-3200 ‼
via "National Vulnerability Database".
Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
‼ CVE-2022-3272 ‼
via "National Vulnerability Database".
Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8.
‼ CVE-2022-30003 ‼
via "National Vulnerability Database".
Sourcecodester Online Market Place Site 1.0 is vulnerable to Cross Site Scripting (XSS), allowing attackers to register as a Seller then create new products containing XSS payloads in the 'Product Title' and 'Short Description' fields.
‼ CVE-2022-3290 ‼
via "National Vulnerability Database".
Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8.
‼ CVE-2022-3298 ‼
via "National Vulnerability Database".
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8.
‼ CVE-2022-39258 ‼
via "National Vulnerability Database".
mailcow is a mailserver suite. A vulnerability in versions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker-controlled place to steal Swagger authorization credentials or create a phishing page to steal other information. The issue has been fixed with the 2022-09 mailcow Mootember Update. As a workaround, one may delete the Swagger API Documentation from their e-mail server.
🛠 Suricata IDPE 6.0.7 🛠
via "Packet Storm Security".
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
‼ CVE-2022-39256 ‼
via "National Vulnerability Database".
Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform the actions unknowingly by visiting a specially crafted site. This issue is patched in C1 CMS v6.13. There are no known workarounds.