‼ CVE-2021-42777 ‼
via "National Vulnerability Database".
Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user's local machine, as demonstrated by System.Diagnostics.Process.Start.
‼ CVE-2022-3755 ‼
via "National Vulnerability Database".
A vulnerability was found in Exiv2 and classified as problematic. This issue affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The name of the patch is 6bb956ad808590ce2321b9ddf6772974da27c4ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212495.
‼ CVE-2022-3757 ‼
via "National Vulnerability Database".
A vulnerability was found in Exiv2. It has been declared as critical. Affected by this vulnerability is the function QuickTimeVideo::decodeBlock of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The name of the patch is d3651fdbd352cbaf259f89abf7557da343339378. It is recommended to apply a patch to fix this issue. The identifier VDB-212497 was assigned to this vulnerability.
‼ CVE-2022-42915 ‼
via "National Vulnerability Database".
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.
‼ CVE-2022-44033 ‼
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach().
‼ CVE-2022-44032 ‼
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach().
‼ CVE-2022-44019 ‼
via "National Vulnerability Database".
In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter.
‼ CVE-2022-44034 ‼
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove().
‼ CVE-2022-44020 ‼
via "National Vulnerability Database".
An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."
‼ CVE-2022-44022 ‼
via "National Vulnerability Database".
PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by leveraging response timings for authentication attempts.
‼ CVE-2022-44023 ‼
via "National Vulnerability Database".
PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response timings for authentication attempts.
‼ CVE-2022-3766 ‼
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
‼ CVE-2022-3765 ‼
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
🗓️ SQLite patches 22-year-old code execution, denial of service vulnerability 🗓️
via "The Daily Swig".
Dormant 32 bit-era coding flaw causes problems for 64-bit systems
‼ CVE-2022-3772 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in easyii CMS. Affected is an unknown function of the file /admin/sign/out. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. VDB-212502 is the identifier assigned to this vulnerability.
‼ CVE-2022-3771 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The identifier VDB-212501 was assigned to this vulnerability.
‼ CVE-2022-3770 ‼
via "National Vulnerability Database".
A vulnerability classified as critical was found in Yunjing CMS. This vulnerability affects unknown code of the file /index/user/upload_img.html. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212500.
📢 IT Pro News: Medibank cyber attack, Microsoft record cloud revenue, See Tickets data breach 📢
via "ITPro".
Catch up on the biggest headlines of the week in just two minutes
📢 UK police fails ethical tests with "unlawful" facial recognition deployments 📢
via "ITPro".
A University of Cambridge team audited UK police use of the tech and found frequent ethical and legal shortcomings
📢 Real-time deepfakes are becoming a serious threat 📢
via "ITPro".
Video calls between leading politicians and the deepfaked mayor of Kyiv, Vitali Klitschko, will raise new trust issues
📢 Microsoft: Raspberry Robin worm key facilitator of LockBit, Cl0p ransomware 📢
via "ITPro".
The worm was first reported in May 2022 and has evolved into one of the largest malware distribution platforms currently active