🕴 Exploit Attempts Underway for Apache Commons Text4Shell Vulnerability 🕴
via "Dark Reading".
The good news: The Apache Commons Text library bug is far less likely to lead to exploitation than last year's Log4j library flaw.
‼ CVE-2022-3639 ‼
via "National Vulnerability Database".
A potential DoS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Improper data handling on branch creation could have been used to trigger high CPU usage.
‼ CVE-2022-42942 ‼
via "National Vulnerability Database".
A maliciously crafted .dwf or .pct file when consumed through the DesignReview.exe application could lead to a memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
‼ CVE-2022-3626 ‼
via "National Vulnerability Database".
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
‼ CVE-2022-41309 ‼
via "National Vulnerability Database".
A maliciously crafted .dwf or .pct file when consumed through the DesignReview.exe application could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
‼ CVE-2022-42934 ‼
via "National Vulnerability Database".
A maliciously crafted .dwf or .pct file when consumed through the DesignReview.exe application could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
‼ CVE-2022-42937 ‼
via "National Vulnerability Database".
A maliciously crafted .dwf or .pct file when consumed through the DesignReview.exe application could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
‼ CVE-2022-1066 ‼
via "National Vulnerability Database".
Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials.
‼ CVE-2022-1070 ‼
via "National Vulnerability Database".
Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials.
‼ CVE-2022-3642 ‼
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in Linux Kernel. This affects the function rtl8188f_spur_calibration of the file drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8188f.c of the component Wireless. The manipulation of the argument hw_ctrl_s1/sw_ctrl_s1 leads to use of uninitialized variable. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211959.
‼ CVE-2022-42941 ‼
via "National Vulnerability Database".
A maliciously crafted .dwf or .pct file when consumed through the DesignReview.exe application could lead to a memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
‼ CVE-2022-40311 ‼
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress.
‼ CVE-2022-42939 ‼
via "National Vulnerability Database".
A maliciously crafted TGA file when consumed through the DesignReview.exe application could lead to a memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
‼ CVE-2022-3627 ‼
via "National Vulnerability Database".
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
‼ CVE-2022-42938 ‼
via "National Vulnerability Database".
A maliciously crafted TGA file when consumed through the DesignReview.exe application could lead to a memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
‼ CVE-2022-42944 ‼
via "National Vulnerability Database".
A maliciously crafted .dwf or .pct file when consumed through the DesignReview.exe application could lead to a memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
‼ CVE-2022-27494 ‼
via "National Vulnerability Database".
Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials.
‼ CVE-2022-42943 ‼
via "National Vulnerability Database".
A maliciously crafted .dwf or .pct file when consumed through the DesignReview.exe application could lead to a memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
‼ CVE-2022-41638 ‼
via "National Vulnerability Database".
Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop plugin <= 2.1.7 on WordPress.
‼ CVE-2022-1059 ‼
via "National Vulnerability Database".
Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials.
‼ CVE-2022-3570 ‼
via "National Vulnerability Database".
Multiple heap buffer overflows in the tiffcrop.c utility in libtiff library Version 4.4.0 allow an attacker to trigger unsafe or out-of-bounds memory access via a crafted TIFF image file, which could result in an application crash, potential information disclosure or any other context-dependent impact.