‼ CVE-2022-38449 ‼
via "National Vulnerability Database".
Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2022-42340 ‼
via "National Vulnerability Database".
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction.
‼ CVE-2022-38440 ‼
via "National Vulnerability Database".
Adobe Dimension version 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2022-42961 ‼
via "National Vulnerability Database".
An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via an advanced technique for ECDSA key recovery. (In 5.5.0 and later, WOLFSSL_CHECK_SIG_FAULTS can be used to address the vulnerability.)
‼ CVE-2017-20149 ‼
via "National Vulnerability Database".
The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later.
‼ CVE-2022-3519 ‼
via "National Vulnerability Database".
A vulnerability classified as problematic was found in SourceCodester Sanitization Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Quote Requests Tab. The manipulation of the argument Manage Remarks leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-211015.
‼ CVE-2022-3518 ‼
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in SourceCodester Sanitization Management System 1.0. Affected is an unknown function of the component User Creation Handler. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-211014 is the identifier assigned to this vulnerability.
‼ CVE-2022-42968 ‼
via "National Vulnerability Database".
Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled.
‼ CVE-2022-42969 ‼
via "National Vulnerability Database".
The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled.
‼ CVE-2022-41323 ‼
via "National Vulnerability Database".
In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.
‼ CVE-2022-3524 ‼
via "National Vulnerability Database".
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.
‼ CVE-2022-3522 ‼
via "National Vulnerability Database".
A vulnerability was found in Linux Kernel and classified as problematic. This issue affects the function hugetlb_no_page of the file mm/hugetlb.c. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211019.
‼ CVE-2022-3521 ‼
via "National Vulnerability Database".
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability.
‼ CVE-2022-3523 ‼
via "National Vulnerability Database".
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function of the file mm/memory.c of the component Driver Handler. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211020.
‼ CVE-2022-3526 ‼
via "National Vulnerability Database".
A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function macvlan_handle_frame of the file drivers/net/macvlan.c of the component skb. The manipulation leads to memory leak. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211024.
‼ CVE-2022-3530 ‼
via "National Vulnerability Database".
A vulnerability was found in Linux Kernel and classified as problematic. Affected by this issue is the function ipaddr_link_get of the file ip/ipaddress.c of the component iproute2. The manipulation leads to memory leak. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211028.
‼ CVE-2022-3527 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function ipneigh_get of the file ip/ipneigh.c of the component iproute2. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211025 was assigned to this vulnerability.
‼ CVE-2022-3528 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in Linux Kernel. Affected is the function mptcp_addr_show of the file ip/ipmptcp.c of the component iproute2. The manipulation leads to memory leak. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. VDB-211026 is the identifier assigned to this vulnerability.
‼ CVE-2022-3529 ‼
via "National Vulnerability Database".
A vulnerability has been found in Linux Kernel and classified as problematic. Affected by this vulnerability is the function fdb_get of the file bridge/fdb.c of the component iproute2. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211027.
📢 Latest Microsoft Edge updates target employee onboarding, preventing malware attacks 📢
via "ITPro".
Microsoft unveiled a wide range of upgrades and features for its flagship browser at its annual Ignite conference this week
📢 Mormon Church reveals data breach seven months after incident transpired 📢
via "ITPro".
The church said that federal authorities suspect the breach was part of a pattern of state-sponsored cyber attacks