‼ CVE-2022-43320 ‼
via "National Vulnerability Database".
FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer.
‼ CVE-2022-31253 ‼
via "National Vulnerability Database".
An Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior to 2.6.3-404.1.
Silk Road drugs market hacker pleads guilty, faces 20 years inside
via "Naked Security".
Jurisprudence isn't like arithmetic... two negatives never make a positive!
Exchange 0-days fixed (at last) – plus 4 brand new Patch Tuesday 0-days!
via "Naked Security".
In all the excitement, we kind of lost count ourselves. Were there six 0-days, or only four?
‼ CVE-2022-28689 ‼
via "National Vulnerability Database".
A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
‼ CVE-2022-32588 ‼
via "National Vulnerability Database".
An out-of-bounds write vulnerability exists in the PICT parsing pctwread_14841 functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
‼ CVE-2021-34577 ‼
via "National Vulnerability Database".
In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device.
‼ CVE-2022-29888 ‼
via "National Vulnerability Database".
A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability.
‼ CVE-2022-29481 ‼
via "National Vulnerability Database".
A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.
‼ CVE-2022-26023 ‼
via "National Vulnerability Database".
A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.
‼ CVE-2022-30543 ‼
via "National Vulnerability Database".
A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability.
‼ CVE-2021-34579 ‼
via "National Vulnerability Database".
In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation. Attackers with network access to the Apache web server can download and therefore read mGuard configuration profiles (“ATV profiles”). Such configuration profiles may contain sensitive information, e.g. private keys associated with IPsec VPN connections.
‼ CVE-2022-0031 ‼
via "National Vulnerability Database".
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges.
‼ CVE-2022-25932 ‼
via "National Vulnerability Database".
The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure vulnerability.
‼ CVE-2022-41055 ‼
via "National Vulnerability Database".
Windows Human Interface Device Information Disclosure Vulnerability.
‼ CVE-2021-26392 ‼
via "National Vulnerability Database".
Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.
‼ CVE-2021-46852 ‼
via "National Vulnerability Database".
The memory management module has the logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
‼ CVE-2021-26393 ‼
via "National Vulnerability Database".
Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.
‼ CVE-2022-41116 ‼
via "National Vulnerability Database".
Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-41090.
‼ CVE-2022-41064 ‼
via "National Vulnerability Database".
.NET Framework Information Disclosure Vulnerability.
‼ CVE-2022-41060 ‼
via "National Vulnerability Database".
Microsoft Word Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-41103.