βΌ CVE-2022-40834 βΌ
π Read
via "National Vulnerability Database".
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_not_like() function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40872 βΌ
π Read
via "National Vulnerability Database".
An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0., in /vcs/classRoom.php?classCode=, classCode.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40831 βΌ
π Read
via "National Vulnerability Database".
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php like() function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40833 βΌ
π Read
via "National Vulnerability Database".
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_in() function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40826 βΌ
π Read
via "National Vulnerability Database".
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_having() function.π Read
via "National Vulnerability Database".
ποΈ Policy-as-code approach counters βcloud nativeβ security risks ποΈ
π Read
via "The Daily Swig".
Research suggests that automation can cut down on cloud control plane compromisesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Policy-as-code approach counters βcloud nativeβ security risks
Research suggests that automation can cut down on cloud control plane compromises
π Friday Five 10/7 π
π Read
via "".
This week saw some good news around securing the midterm elections, warnings about IRS phishing scams, and new orders from CISA. Catch up in this weekβs Friday Five!
π Read
via "".
βΌ CVE-2022-39847 βΌ
π Read
via "National Vulnerability Database".
Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33896 βΌ
π Read
via "National Vulnerability Database".
A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially-crafted malformed file can cause memory corruption by using memory before buffer start, which can lead to code execution. A victim would need to access a malicious file to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39852 βΌ
π Read
via "National Vulnerability Database".
A heap-based overflow vulnerability in makeContactAGIF in libagifencoder.quram.so library prior to SMR Oct-2022 Release 1 allows attacker to perform code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39863 βΌ
π Read
via "National Vulnerability Database".
Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39867 βΌ
π Read
via "National Vulnerability Database".
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39859 βΌ
π Read
via "National Vulnerability Database".
Implicit intent hijacking vulnerability in UPHelper library prior to version 3.0.12 allows attackers to access sensitive information via implicit intent.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39877 βΌ
π Read
via "National Vulnerability Database".
Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39860 βΌ
π Read
via "National Vulnerability Database".
Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39850 βΌ
π Read
via "National Vulnerability Database".
Improper access control in mum_container_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39870 βΌ
π Read
via "National Vulnerability Database".
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39875 βΌ
π Read
via "National Vulnerability Database".
Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39864 βΌ
π Read
via "National Vulnerability Database".
Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39856 βΌ
π Read
via "National Vulnerability Database".
Improper access control vulnerability in imsservice application prior to SMR Oct-2022 Release 1 allows local attackers to access call information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36868 βΌ
π Read
via "National Vulnerability Database".
Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device.π Read
via "National Vulnerability Database".