‼ CVE-2022-40314 ‼
via "National Vulnerability Database".
A remote code execution risk was identified when restoring backup files originating from Moodle 1.9.
‼ CVE-2022-40316 ‼
via "National Vulnerability Database".
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.
‼ CVE-2022-36965 ‼
via "National Vulnerability Database".
Insufficient sanitization of inputs in a QoE application input field could lead to stored and DOM-based XSS attacks. This issue is fixed and released in SolarWinds Platform (2022.3.0).
🕴 Cybercriminals See Allure in BEC Attacks Over Ransomware 🕴
via "Dark Reading".
While ransomware seems stalled, business email compromise (BEC) attacks continue to make profits from the ProxyShell and Log4j vulnerabilities, nearly doubling in the latest quarter.
🕴 Reshaping the Threat Landscape: Deepfake Cyberattacks Are Here 🕴
via "Dark Reading".
It's time to dispel notions of deepfakes as an emergent threat. All the pieces for widespread attacks are in place and readily available to cybercriminals, even unsophisticated ones.
‼ CVE-2022-20662 ‼
via "National Vulnerability Database".
A vulnerability in the smart card login authentication of Cisco Duo for macOS could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability exists because the assigned user of a smart card is not properly matched with the authenticating user. An attacker could exploit this vulnerability by configuring a smart card login to bypass Duo authentication. A successful exploit could allow the attacker to use any personal identity verification (PIV) smart card for authentication, even if the smart card is not assigned to the authenticating user.
‼ CVE-2022-41975 ‼
via "National Vulnerability Database".
RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode.
‼ CVE-2022-20844 ‼
via "National Vulnerability Database".
A vulnerability in the authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC using a default static username and password combination. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses.
‼ CVE-2022-35155 ‼
via "National Vulnerability Database".
Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the searchdata parameter.
‼ CVE-2022-20919 ‼
via "National Vulnerability Database".
A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation during processing of CIP packets. An attacker could exploit this vulnerability by sending a malformed CIP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition.
‼ CVE-2021-33354 ‼
via "National Vulnerability Database".
Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via a modified file parameter.
‼ CVE-2022-40756 ‼
via "National Vulnerability Database".
If folder security is misconfigured for Actian Zen PSQL before Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022), it can allow an attacker (with file read/write access) to remove specific security files in order to reset the master password and gain access to the database.
‼ CVE-2022-20847 ‼
via "National Vulnerability Database".
A vulnerability in the DHCP processing functionality of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DHCP messages. An attacker could exploit this vulnerability by sending malicious DHCP messages to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
‼ CVE-2022-20769 ‼
via "National Vulnerability Database".
A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error validation. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to cause the wireless LAN controller to crash, resulting in a DoS condition. Note: This vulnerability affects only devices that have Federal Information Processing Standards (FIPS) mode enabled.
‼ CVE-2022-20848 ‼
via "National Vulnerability Database".
A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of UDP datagrams. An attacker could exploit this vulnerability by sending malicious UDP datagrams to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
‼ CVE-2022-20945 ‼
via "National Vulnerability Database".
A vulnerability in the 802.11 association frame validation of Cisco Catalyst 9100 Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain parameters within association request frames received by the AP. An attacker could exploit this vulnerability by sending a crafted 802.11 association request to a nearby device. An exploit could allow the attacker to unexpectedly reload the device, resulting in a DoS condition.
‼ CVE-2022-40341 ‼
via "National Vulnerability Database".
mojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PNG file.
‼ CVE-2022-20930 ‼
via "National Vulnerability Database".
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands that are executed as the root user account. A successful exploit could allow the attacker to overwrite arbitrary system files, which could result in a denial of service (DoS) condition.
‼ CVE-2021-36865 ‼
via "National Vulnerability Database".
Insecure direct object references (IDOR) vulnerability in the ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress allows attackers to change the content of the quiz.
‼ CVE-2022-20810 ‼
via "National Vulnerability Database".
A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to insufficient restrictions that allow a sensitive configuration detail to be disclosed. An attacker could exploit this vulnerability by retrieving data through SNMP read-only community access. A successful exploit could allow the attacker to view Service Set Identifier (SSID) preshared keys (PSKs) that are configured on the affected device.
‼ CVE-2022-20775 ‼
via "National Vulnerability Database".
Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.