βΌ CVE-2022-0699 βΌ
π Read
via "National Vulnerability Database".
A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3031 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It may be possible for an attacker to guess a user's password by brute force by sending crafted requests to a specific endpoint, even if the victim user has 2FA enabled on their account.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22128 βΌ
π Read
via "National Vulnerability Database".
Tableau discovered a path traversal vulnerability affecting Tableau Server Administration AgentΓ’β¬β’s internal file transfer service that could allow remote code execution.Tableau only supports product versions for 24 months after release. Older versions have reached their End of Life and are no longer supported. They are also not assessed for potential security issues and do not receive security updates.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23771 βΌ
π Read
via "National Vulnerability Database".
This vulnerability occurs in user accounts creation and deleteion related pages of IPTIME NAS products. The vulnerability could be exploited by a lack of validation when a POST request is made to this page. An attacker can use this vulnerability to or delete user accounts, or to escalate arbitrary user privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2428 βΌ
π Read
via "National Vulnerability Database".
A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requestsπ Read
via "National Vulnerability Database".
βΌ CVE-2022-3165 βΌ
π Read
via "National Vulnerability Database".
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2533 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3351 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A user's primary email may be disclosed to an attacker through group member events webhooks.π Read
via "National Vulnerability Database".
π΄ The Risk of Stateful Antipatterns in Enterprise Internet Architecture π΄
π Read
via "Dark Reading".
Excessive statefulness hurts the ability to scale networks, applications, and ancillary supporting infrastructure, thus affecting an entire service delivery chain's ability to withstand a DDoS attack.π Read
via "Dark Reading".
Dark Reading
The Risk of Stateful Anti-Patterns in Enterprise Internet Architecture
Excessive statefulness hurts the ability to scale networks, applications, and ancillary supporting infrastructure, thus affecting an entire service delivery chain's ability to withstand a DDoS attack.
βΌ CVE-2022-3566 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40055 βΌ
π Read
via "National Vulnerability Database".
An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate privileges via a brute force attack at the login page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3563 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3565 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32176 βΌ
π Read
via "National Vulnerability Database".
In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the "Compress Upload" functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin's cookie leading to account takeover.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42029 βΌ
π Read
via "National Vulnerability Database".
Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3564 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3559 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Exim and classified as critical. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26375 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology AB Press Optimizer plugin <= 1.1.1 on WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3567 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41751 βΌ
π Read
via "National Vulnerability Database".
Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option.π Read
via "National Vulnerability Database".
π΄ Researchers Keep a Wary Eye on Critical New Vulnerability in Apache Commons Text π΄
π Read
via "Dark Reading".
There's nothing yet to suggest CVE-2022-42889 is the next Log4j. But proof-of-concept code is available, and interest appears to be ticking up.π Read
via "Dark Reading".
Dark Reading
Researchers Keep a Wary Eye on Critical New Vulnerability in Apache Commons Text
There's nothing yet to suggest CVE-2022-42889 is the next Log4j. But proof-of-concept code is available, and interest appears to be ticking up.