βΌ CVE-2022-24945 βΌ
π Read
via "National Vulnerability Database".
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44586 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) in Ayoub Media AM-HiLi plugin <= 1.0 on WordPress.π Read
via "National Vulnerability Database".
β The OpenSSL security update story β how can you tell what needs fixing? β
π Read
via "Naked Security".
How to Hack! Finding OpenSSL library files and accurately identifying their version numbers...π Read
via "Naked Security".
Naked Security
The OpenSSL security update story β how can you tell what needs fixing?
How to Hack! Finding OpenSSL library files and accurately identifying their version numbersβ¦
βΌ CVE-2022-44638 βΌ
π Read
via "National Vulnerability Database".
In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46853 βΌ
π Read
via "National Vulnerability Database".
Alpine before 2.25 allows remote attackers to cause a denial of service (daemon crash) when LIST or LSUB is sent before STARTTLS.π Read
via "National Vulnerability Database".
ποΈ Gatsby patches SSRF, XSS bugs in Cloud Image CDN ποΈ
π Read
via "The Daily Swig".
Remediation compared to βchanging the tires on a car while in motionβπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Gatsby patches SSRF, XSS bugs in Cloud Image CDN
Remediation compared to βchanging the tires on a car while in motionβ
βΌ CVE-2022-41435 βΌ
π Read
via "National Vulnerability Database".
OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public key comments.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32287 βΌ
π Read
via "National Vulnerability Database".
A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache UIMA Apache UIMA version 3.3.0 and prior versions. Note that PEAR files should never be installed into an UIMA installation from untrusted sources because PEAR archives are executable plugins that will be able to perform any actions with the same privileges as the host Java Virtual Machine.π Read
via "National Vulnerability Database".
βοΈ Hacker Charged With Extorting Online Psychotherapy Service βοΈ
π Read
via "Krebs on Security".
A 25-year-old Finnish man has been charged with extorting a once popular and now-bankrupt online psychotherapy company and its patients. Finnish authorities rarely name suspects in an investigation, but they were willing to make an exception for Julius "Zeekill" Kivimaki, a notorious hacker who -- at the tender age of 17 -- had been convicted of more than 50,000 cybercrimes, including data breaches, payment fraud, operating botnets, and calling in bomb threats.π Read
via "Krebs on Security".
Krebs on Security
Hacker Charged With Extorting Online Psychotherapy Service
A 25-year-old Finnish man has been charged with extorting a once popular and now-bankrupt online psychotherapy company and its patients. Finnish authorities rarely name suspects in an investigation, but they were willing to make an exception for Julius "Zeekill"β¦
βΌ CVE-2022-44622 βΌ
π Read
via "National Vulnerability Database".
In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessiveπ Read
via "National Vulnerability Database".
βΌ CVE-2022-39323 βΌ
π Read
via "National Vulnerability Database".
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Time based attack using a SQL injection in api REST user_token. This issue has been patched, please upgrade to version 10.0.4. As a workaround, disable login with user_token on API Rest.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39234 βΌ
π Read
via "National Vulnerability Database".
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Deleted/deactivated user could continue to use their account as long as its cookie is valid. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43106 βΌ
π Read
via "National Vulnerability Database".
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the schedStartTime parameter in the setSchedWifi function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43102 βΌ
π Read
via "National Vulnerability Database".
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43105 βΌ
π Read
via "National Vulnerability Database".
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44623 βΌ
π Read
via "National Vulnerability Database".
In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settingsπ Read
via "National Vulnerability Database".
βΌ CVE-2022-43101 βΌ
π Read
via "National Vulnerability Database".
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43108 βΌ
π Read
via "National Vulnerability Database".
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43107 βΌ
π Read
via "National Vulnerability Database".
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39262 βΌ
π Read
via "National Vulnerability Database".
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package, GLPI administrator can define rich-text content to be displayed on login page. The displayed content is can contains malicious code that can be used to steal credentials. This issue has been patched, please upgrade to version 10.0.4.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44646 βΌ
π Read
via "National Vulnerability Database".
In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settingsπ Read
via "National Vulnerability Database".