CVE-2022-40190
SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflected cross-site scripting (XSS). The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users' browsers and steal sensitive information, including user credentials.
via "National Vulnerability Database".
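The bug class above, reflecting a request parameter straight into the response, is easiest to see beside its fix. The snippet below is an added illustration, not SAUTER's moduWeb code: the page template, the parameter name `q`, the payloads and the `is_reflected_unsafely` helper are all constructed for the example. It shows that the same value needs escaping in both the text-node and the attribute context (`html.escape(..., quote=True)` covers both), and lists the response headers that limit damage when an escape is missed.

```python
import html
from urllib.parse import parse_qs

# Constructed template (not the vendor's): reflects "q" into a text node and
# into an attribute value, the two contexts a search page typically has.
PAGE = '<h1>Results for {q}</h1><input name="q" value="{q}">'


def render_search_vulnerable(query_string: str) -> str:
    """Reflect q unchanged into HTML: the reflected-XSS bug class."""
    q = parse_qs(query_string).get("q", [""])[0]
    return PAGE.format(q=q)


def render_search_hardened(query_string: str) -> str:
    """Escape for the HTML body and, with quote=True, for attribute values too."""
    q = parse_qs(query_string).get("q", [""])[0]
    return PAGE.format(q=html.escape(q, quote=True))


# Constructed payloads: the first breaks out of the text node, the second
# closes the value="" attribute and adds an event handler.
BODY_PAYLOAD = "q=<script>alert(document.cookie)</script>"
ATTR_PAYLOAD = 'q=" onfocus="alert(1)" autofocus="'


def is_reflected_unsafely(page: str) -> bool:
    """Crude detector used only to compare the two renderers: does the page
    still contain a raw <script> tag or an attribute-breaking onfocus?"""
    return "<script>" in page or ' onfocus="' in page


# Defence in depth for the same bug class (assumed policy, not the vendor's):
# CSP without 'unsafe-inline' blocks injected inline script even if one
# escape is missed; nosniff stops content-type confusion tricks.
HARDENING_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self'",
    "X-Content-Type-Options": "nosniff",
}
```

Escaping only `<` and `>` would stop the first payload but not the second, which is why the attribute context matters; output encoding must match where the value lands.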
CVE-2022-3784
A vulnerability classified as critical was found in Axiomatic Bento4 5e7bb34. Affected by this vulnerability is the function AP4_Mp4AudioDsiParser::ReadBits of the file Ap4Mp4AudioInfo.cpp of the component mp4hls. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212563.
via "National Vulnerability Database".
CVE-2022-3785
A vulnerability, which was classified as critical, has been found in Axiomatic Bento4. Affected by this issue is the function AP4_DataBuffer::SetDataSize of the component Avcinfo. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212564.
via "National Vulnerability Database".
CVE-2022-40291
The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts.
via "National Vulnerability Database".
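The standard fix for the account-deletion CSRF described above is to gate every state-changing request on a per-session token that a cross-site page cannot read, plus an Origin/Referer check as a second layer. The code below is an added example, not the affected application's code: the `Session` and `Request` classes, the `delete_account` handler and the `https://lms.example` origin are assumptions made for the illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    """Constructed server-side session; the token is minted once per session."""
    user_id: int
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Constructed stand-in for a framework request object."""
    method: str
    headers: dict
    form: dict


SITE_ORIGIN = "https://lms.example"  # assumed deployment origin


def csrf_check(request: Request, session: Session) -> bool:
    """Synchronizer-token check with an Origin/Referer check in front of it.

    Safe methods pass (they must not change state anyway). For everything
    else the browser-supplied Origin (or Referer) must be our own site and the
    form must carry the session's token; compare_digest avoids timing leaks.
    A request with neither header is refused rather than trusted.
    """
    if request.method in ("GET", "HEAD", "OPTIONS"):
        return True
    origin = request.headers.get("Origin") or request.headers.get("Referer", "")
    if origin != SITE_ORIGIN and not origin.startswith(SITE_ORIGIN + "/"):
        return False
    submitted = request.form.get("csrf_token", "")
    return hmac.compare_digest(submitted, session.csrf_token)


def delete_account(request: Request, session: Session, accounts: dict) -> bool:
    """The kind of handler the CVE describes, now gated by csrf_check.
    Returns True only if the deletion actually happened."""
    if not csrf_check(request, session):
        return False
    accounts.pop(session.user_id, None)
    return True
```

Setting the session cookie with `SameSite=Lax` or `Strict` is a further layer, but the token check is the one that works regardless of browser defaults, and the origin check alone would be bypassed by any client that strips both headers if it were the only control.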
CVE-2022-41680
Forma LMS in its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'search[value]' parameter of the 'appLms/ajax.server.php?r=mycertificate/getMyCertificates' function in order to dump the entire database.
via "National Vulnerability Database".
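What "dump the entire database" through a search box looks like, and why a parameterised query closes it, as an added example. This is constructed code, not Forma LMS's: the SQLite schema, the `get_my_certificates_*` function names and the payload are assumptions for the illustration. The hardened version also escapes LIKE wildcards, which parameterisation alone does not do.

```python
import sqlite3


def make_demo_db() -> sqlite3.Connection:
    """Constructed schema standing in for an LMS database (not Forma's own)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users(id INTEGER, username TEXT, password_hash TEXT);
        CREATE TABLE certificates(id INTEGER, user_id INTEGER, name TEXT, issued_on TEXT);
        INSERT INTO users VALUES (1, 'admin', '$2y$10$adminhash'),
                                 (2, 'student', '$2y$10$studenthash');
        INSERT INTO certificates VALUES (10, 1, 'Security Basics', '2022-01-01'),
                                        (11, 2, 'Security Basics', '2022-02-01'),
                                        (12, 2, 'Phishing Awareness', '2022-03-01');
    """)
    return conn


def get_my_certificates_vulnerable(conn, user_id: int, search: str):
    """The bug class: the search term is spliced into the SQL text. Only the
    user_id is typed, so the row filter is right but the LIKE string is not."""
    sql = ("SELECT id, name, issued_on FROM certificates "
           f"WHERE user_id = {int(user_id)} AND name LIKE '%{search}%'")
    return conn.execute(sql).fetchall()


def escape_like(value: str) -> str:
    """Neutralise LIKE metacharacters so the user's text matches literally."""
    return value.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def get_my_certificates_hardened(conn, user_id: int, search: str):
    """Bound parameters: the search term can never change the statement."""
    sql = ("SELECT id, name, issued_on FROM certificates "
           "WHERE user_id = ? AND name LIKE ? ESCAPE '\\'")
    return conn.execute(sql, (user_id, f"%{escape_like(search)}%")).fetchall()


# Constructed payload: close the LIKE literal, UNION in three columns from
# users (column count must match the original SELECT), comment out the rest.
DUMP_PAYLOAD = "x' UNION SELECT id, username, password_hash FROM users --"
```

A student-role request with `DUMP_PAYLOAD` as the search term returns every user's password hash from the vulnerable function; the same term against the hardened function is just a string nobody's certificate is named.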
CVE-2022-43752
** UNSUPPORTED WHEN ASSIGNED ** Oracle Solaris version 10 1/13, when using the Common Desktop Environment (CDE), is vulnerable to a privilege escalation vulnerability. A low privileged user can escalate to root by crafting a malicious printer and double clicking on the crafted printer's icon.
via "National Vulnerability Database".
CVE-2022-42925
There is a vulnerability in Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to escalate privileges in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to remote code injection.
via "National Vulnerability Database".
Psychotherapy extortion suspect: arrest warrant issued
Wanted! Not only the extortionist who abused the data, but also the CEO who let it happen.
via "Naked Security".
CVE-2021-27784
The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages.
via "National Vulnerability Database".
Australia's Department of Defence becomes latest victim of regional ransomware attacks
Military information was not stolen in the breach, which may affect the records of 40,000 defence personnel.
via "ITPro".
MSPs' next biggest investment will be in MDR and dark web monitoring
Research showed that providers were torn on the decision of what their next big offering will be.
via "ITPro".
CVE-2022-43354
Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/manage_request.
via "National Vulnerability Database".
CVE-2022-2572
In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked.
via "National Vulnerability Database".
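The failure above is a general one: a long-lived credential (an API key) is checked only against the key table, so revoking the user in the identity provider does nothing to the key. The example below is added here and is not Octopus Server's code; the `Store`, `User` and `ApiKey` types and the `deprovision_user` routine are assumptions. It contrasts a lookup that trusts any known key with one that also requires a live, enabled owner, and shows deprovisioning revoking keys alongside disabling the account.

```python
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class User:
    id: int
    name: str
    enabled: bool = True   # cleared when the IdP reports the user disabled
    deleted: bool = False  # soft delete; the row may outlive the account


@dataclass
class ApiKey:
    key_hash: str
    user_id: int
    revoked: bool = False


@dataclass
class Store:
    """Constructed in-memory stand-in for the server's user and key tables."""
    users: dict = field(default_factory=dict)  # user_id -> User
    keys: dict = field(default_factory=dict)   # sha256(raw key) -> ApiKey


def _h(raw_key: str) -> str:
    # Store only a hash so a database leak does not hand out usable keys.
    return hashlib.sha256(raw_key.encode()).hexdigest()


def issue_key(store: Store, user_id: int) -> str:
    raw = "API-" + secrets.token_hex(16)
    store.keys[_h(raw)] = ApiKey(_h(raw), user_id)
    return raw


def authenticate_vulnerable(store: Store, raw_key: str) -> Optional[User]:
    """Looks the key up and trusts it: the CVE's behaviour. The owner's
    enabled/deleted state is never consulted."""
    rec = store.keys.get(_h(raw_key))
    return store.users.get(rec.user_id) if rec else None


def authenticate_hardened(store: Store, raw_key: str) -> Optional[User]:
    """Key must exist and be unrevoked, and its owner must exist, be enabled
    and not be deleted, evaluated on every request, not at key creation."""
    rec = store.keys.get(_h(raw_key))
    if rec is None or rec.revoked:
        return None
    user = store.users.get(rec.user_id)
    if user is None or not user.enabled or user.deleted:
        return None
    return user


def deprovision_user(store: Store, user_id: int, delete: bool = False) -> int:
    """What an external-IdP sync should do: disable (or delete) the user AND
    revoke every key tied to it, in one step. Returns the number revoked."""
    user = store.users[user_id]
    user.enabled = False
    user.deleted = delete
    revoked = 0
    for rec in store.keys.values():
        if rec.user_id == user_id and not rec.revoked:
            rec.revoked = True
            revoked += 1
    return revoked
```

The per-request owner check is the important half: even with `deprovision_user` in place, a sync that only flips `enabled` (as an IdP-driven disable typically does) must still lock the key out immediately.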
CVE-2022-3373
Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
via "National Vulnerability Database".
CVE-2022-41552
Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery.
via "National Vulnerability Database".
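The NVD text says nothing about where the Hitachi probe's URL comes from, so the following is a generic, added example of the control an SSRF finding usually ends in, not Hitachi's fix: before a server-side component fetches a caller-supplied URL, check the scheme, refuse embedded credentials, and resolve the host and reject every address that is loopback, private, link-local (including the cloud metadata address) or otherwise non-routable. The `resolver` parameter is an assumption that lets the check run offline against a fake resolver.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def _blocked(ip) -> bool:
    """Addresses a server must never be made to fetch on a caller's behalf."""
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def resolve_all(host: str):
    """Real resolver: every A/AAAA answer, because a multi-answer name with
    one internal address is a classic bypass. Swapped out in the test."""
    return {ipaddress.ip_address(info[4][0])
            for info in socket.getaddrinfo(host, None)}


def ssrf_safe_target(url: str, resolver=resolve_all):
    """Return (ok, reason) for a URL the server is asked to fetch.

    IP literals (including bracketed IPv6) are checked directly; names are
    resolved and every returned address must pass. Non-dotted-decimal
    literals such as 0177.0.0.1 fail ip_address() and go through the
    resolver, where the OS parses them and the result is still screened.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme"
    if parts.username or parts.password or not parts.hostname:
        return False, "host"
    host = parts.hostname
    try:
        addrs = {ipaddress.ip_address(host)}
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError:
            return False, "unresolvable"
    if not addrs or any(_blocked(ip) for ip in addrs):
        return False, "address"
    return True, "ok"
```

One caveat the check cannot cover by itself: the fetch must connect to the address that was screened (pin it, rather than letting the HTTP client resolve the name again), otherwise a DNS answer that changes between check and use (rebinding) reopens the hole, and redirects must be re-screened hop by hop.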
CVE-2022-43353
Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order.
via "National Vulnerability Database".
CVE-2022-41553
Insertion of Sensitive Information into Temporary File vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer probe component) allows local users to gain sensitive information.
via "National Vulnerability Database".
CVE-2020-36605
Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files.
via "National Vulnerability Database".
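The two Hitachi findings just above (sensitive data in a temporary file, CVE-2022-41553, and incorrect default permissions, CVE-2020-36605) are the same mistake seen twice: files created with whatever the process umask allows, so other local users can read or write them. This added example, not Hitachi's code, writes a constructed secret two ways and then scans the directory the way a local audit would. The file names, the umask value forced for the demonstration and the `demo` wrapper are assumptions; it relies on POSIX mode bits and is meant for Linux.

```python
import os
import stat
import tempfile


def write_secret_default_umask(path: str, data: bytes) -> None:
    """The bug class: open() creates with 0666 minus the umask. With the common
    0022 umask that is 0644, world-readable. The umask is forced to 0022 here
    so the demonstration does not depend on the caller's environment."""
    old = os.umask(0o022)
    try:
        with open(path, "wb") as fh:
            fh.write(data)
    finally:
        os.umask(old)


def write_secret_owner_only(path: str, data: bytes) -> None:
    """Explicit 0600 at creation (no window where the file is readable), and
    O_EXCL so a pre-placed file or symlink at that path is not followed."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)


def find_group_or_world_accessible(directory: str) -> list:
    """Report regular files with any group/other permission bit set, as
    (name, octal mode) pairs. lstat so symlinks are not followed."""
    hits = []
    for name in sorted(os.listdir(directory)):
        st = os.lstat(os.path.join(directory, name))
        if stat.S_ISREG(st.st_mode) and st.st_mode & 0o077:
            hits.append((name, oct(stat.S_IMODE(st.st_mode))))
    return hits


def demo() -> list:
    """Create one file each way plus a mkstemp() file, then audit the dir."""
    d = tempfile.mkdtemp()  # mkdtemp itself creates the directory 0700
    secret = b"db_password=hunter2\n"  # constructed sample secret
    write_secret_default_umask(os.path.join(d, "probe.conf"), secret)
    write_secret_owner_only(os.path.join(d, "probe.secure"), secret)
    fd, _ = tempfile.mkstemp(dir=d)  # mkstemp already creates 0600
    os.close(fd)
    return find_group_or_world_accessible(d)
```

`tempfile.mkstemp` and `NamedTemporaryFile` already create files as 0600, so the temporary-file variant of the bug usually comes from building paths by hand under `/tmp` and using plain `open()`; the audit function above is the quick way to find such files after the fact, and `chmod` fixes the mode but not the fact that a secret was written where anyone could read it in the meantime.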
CVE-2022-3191
Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Analyzer on Linux (Virtual Storage Software Agent component) allows local users to gain sensitive information.
via "National Vulnerability Database".
CVE-2022-3370
Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
via "National Vulnerability Database".
CVE-2022-44542
lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of deserialized object destructor execution via a key/value pair in a hash.
via "National Vulnerability Database".