‼ CVE-2022-3802 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in IBAX go-ibax and classified as critical. This vulnerability affects unknown code of the file /api/v2/open/rowsInfo. The manipulation of the argument where leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212638 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3799 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in IBAX go-ibax. Affected by this vulnerability is an unknown functionality of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212635.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40839 ‼
📖 Read
via "National Vulnerability Database".
A SQL injection vulnerability in the height and width parameter in NdkAdvancedCustomizationFields v3.5.0 allows unauthenticated attackers to exfiltrate database data.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3804 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in eolinker apinto-dashboard. It has been classified as problematic. Affected is an unknown function of the file /login. The manipulation of the argument callback leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212640.📖 Read
via "National Vulnerability Database".
🗓️ OpenSSL vulnerability downgraded to ‘high’ severity 🗓️
📖 Read
via "The Daily Swig".
Punycode-related flaw fails the logo test📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
OpenSSL vulnerability downgraded to ‘high’ severity
Punycode-related flaw fails the logo test
👍1
‼ CVE-2022-3780 ‼
📖 Read
via "National Vulnerability Database".
Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data. This issue affects : Remote Desktop Manager 2022.3.7 and prior versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23738 ‼
📖 Read
via "National Vulnerability Database".
An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. To exploit this, an actor would need to already be authorized on the GitHub Enterprise Server instance, be able to create a public repository, and have a site administrator visit a specially crafted URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.2.20, 3.3.15, 3.4.10, 3.5.7, 3.6.3. This vulnerability was reported via the GitHub Bug Bounty program.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43362 ‼
📖 Read
via "National Vulnerability Database".
Senayan Library Management System v9.4.2 was discovered to contain a SQL injection vulnerability via the collType parameter at loan_by_class.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43330 ‼
📖 Read
via "National Vulnerability Database".
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43329 ‼
📖 Read
via "National Vulnerability Database".
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3602 ‼
📖 Read
via "National Vulnerability Database".
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43331 ‼
📖 Read
via "National Vulnerability Database".
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php_action/printOrder.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3786 ‼
📖 Read
via "National Vulnerability Database".
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4099 ‼
📖 Read
via "National Vulnerability Database".
The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3304 ‼
📖 Read
via "National Vulnerability Database".
Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43328 ‼
📖 Read
via "National Vulnerability Database".
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3781 ‼
📖 Read
via "National Vulnerability Database".
Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data. This issue affects : Remote Desktop Manager 2022.2.26 and prior versions. Devolutions Server 2022.3.1 and prior versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43361 ‼
📖 Read
via "National Vulnerability Database".
Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component pop_chart.php.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-43990 ‼
📖 Read
via "National Vulnerability Database".
Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version < 2.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. The recommended solution is to update the firmware to a version >= 2.2.0 as soon as possible. (available in SICK Support Portal)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3313 ‼
📖 Read
via "National Vulnerability Database".
Incorrect security UI in full screen in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chrome security severity: Medium)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42819 ‼
📖 Read
via "National Vulnerability Database".
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to read sensitive location information.📖 Read
via "National Vulnerability Database".