βΌ CVE-2022-42071 βΌ
π Read
via "National Vulnerability Database".
Online Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting (XSS) Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28761 βΌ
π Read
via "National Vulnerability Database".
Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 contains an improper access control vulnerability. As a result, a malicious actor in a meeting or webinar they are authorized to join could prevent participants from receiving audio and video causing meeting disruptions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42464 βΌ
π Read
via "National Vulnerability Database".
OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in further attacks. The processes with system user UID run on the device would be able to mmap memory pools used by kernel and override them which could be used to gain kernel code execution on the device, gain root privileges, or cause device reboot.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3504 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Sanitization Management System and classified as critical. This issue affects some unknown processing of the file /php-sms/?p=services/view_service. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210839.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32149 βΌ
π Read
via "National Vulnerability Database".
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42064 βΌ
π Read
via "National Vulnerability Database".
Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42488 βΌ
π Read
via "National Vulnerability Database".
OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in param service of startup subsystem. An malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2879 βΌ
π Read
via "National Vulnerability Database".
Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42070 βΌ
π Read
via "National Vulnerability Database".
Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery (CSRF).π Read
via "National Vulnerability Database".
βΌ CVE-2022-41686 βΌ
π Read
via "National Vulnerability Database".
OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption.π Read
via "National Vulnerability Database".
β S3 Ep104: Should hospital ransomware attackers be locked up for life? [Audio + Text] β
π Read
via "Naked Security".
Have your say on three deep questions posed by this week's podcast. Read or listen as suits you best...π Read
via "Naked Security".
Naked Security
S3 Ep104: Should hospital ransomware attackers be locked up for life? [Audio + Text]
Have your say on three deep questions posed by this weekβs podcast. Read or listen as suits you bestβ¦
β Serious Security: Microsoft Office 365 attacked over feeble encryption β
π Read
via "Naked Security".
How 2022 is your encryption?π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Fast Fashion Retailer Data Breach Draws $1.9M Fine π΄
π Read
via "Dark Reading".
New York AG fines Shein and Romwe parent company for failure to protect customer data and downplaying the 2018 compromise of 46 million shopper records.π Read
via "Dark Reading".
Dark Reading
Fast Fashion Retailer Data Breach Draws $1.9M Fine
New York AG fines Shein and Romwe parent company for failure to protect customer data and downplaying the 2018 compromise of 46 million shopper records.
βΌ CVE-2022-41307 βΌ
π Read
via "National Vulnerability Database".
A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41306 βΌ
π Read
via "National Vulnerability Database".
A maliciously crafted PCT file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41586 βΌ
π Read
via "National Vulnerability Database".
The communication framework module has a vulnerability of not truncating data properly.Successful exploitation of this vulnerability may affect data confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41582 βΌ
π Read
via "National Vulnerability Database".
The security module has configuration defects.Successful exploitation of this vulnerability may affect system availability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38980 βΌ
π Read
via "National Vulnerability Database".
The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol.Successful exploitation of this vulnerability may allow attackers to obtain process control permissions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39011 βΌ
π Read
via "National Vulnerability Database".
The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause unauthorized access to the HISP module.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0699 βΌ
π Read
via "National Vulnerability Database".
In HTBLogKM of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-242345178π Read
via "National Vulnerability Database".
βΌ CVE-2022-20464 βΌ
π Read
via "National Vulnerability Database".
In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-236042696References: N/Aπ Read
via "National Vulnerability Database".