‼ CVE-2022-3039 ‼
via "National Vulnerability Database".
Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
‼ CVE-2022-3038 ‼
via "National Vulnerability Database".
Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
‼ CVE-2022-3071 ‼
via "National Vulnerability Database".
Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.
‼ CVE-2022-3052 ‼
via "National Vulnerability Database".
Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.
‼ CVE-2021-28052 ‼
via "National Vulnerability Database".
A tenant administrator of Hitachi Content Platform (HCP) may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user (non-administrator) may view configuration in another tenant without authorization. This issue affects: Hitachi Vantara Hitachi Content Platform versions prior to 8.3.7; 9.0.0 versions prior to 9.2.3.
‼ CVE-2022-2859 ‼
via "National Vulnerability Database".
Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions.
‼ CVE-2022-3199 ‼
via "National Vulnerability Database".
Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
‼ CVE-2022-40784 ‼
via "National Vulnerability Database".
Unlimited strcpy on user input when setting a locale file leads to stack buffer overflow in mIPC camera firmware 5.3.1.2003161406.
‼ CVE-2022-3075 ‼
via "National Vulnerability Database".
Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
‼ CVE-2022-40044 ‼
via "National Vulnerability Database".
Centreon v20.10.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. This vulnerability allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.
‼ CVE-2022-40043 ‼
via "National Vulnerability Database".
Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations.
‼ CVE-2022-3201 ‼
via "National Vulnerability Database".
Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page.
‼ CVE-2022-3200 ‼
via "National Vulnerability Database".
Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
‼ CVE-2022-3272 ‼
via "National Vulnerability Database".
Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8.
‼ CVE-2022-30003 ‼
via "National Vulnerability Database".
Sourcecodester Online Market Place Site 1.0 is vulnerable to Cross Site Scripting (XSS), allowing attackers to register as a Seller then create new products containing XSS payloads in the 'Product Title' and 'Short Description' fields.
‼ CVE-2022-3290 ‼
via "National Vulnerability Database".
Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8.
‼ CVE-2022-3298 ‼
via "National Vulnerability Database".
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8.
‼ CVE-2022-39258 ‼
via "National Vulnerability Database".
mailcow is a mailserver suite. A vulnerability in versions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker-controlled place to steal Swagger authorization credentials or create a phishing page to steal other information. The issue has been fixed with the 2022-09 mailcow Mootember Update. As a workaround, one may delete the Swagger API Documentation from their e-mail server.
Suricata IDPE 6.0.7
via "Packet Storm Security".
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
‼ CVE-2022-39256 ‼
via "National Vulnerability Database".
Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform the actions unknowingly by visiting a specially crafted site. This issue is patched in C1 CMS v6.13. There are no known workarounds.
WhatsApp “zero-day exploit” news scare – what you need to know
via "Naked Security".
Is WhatsApp currently under active attack by cybercriminals? Is this a clear and current danger? How worried should WhatsApp users be?