βΌ CVE-2022-3956 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in tsruban HHIMS 2.1. Affected is an unknown function of the component Patient Portrait Handler. The manipulation of the argument PID leads to sql injection. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. VDB-213462 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26845 βΌ
π Read
via "National Vulnerability Database".
Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39396 (parse-server) βΌ
π Read
via "National Vulnerability Database".
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.18, and prior to 5.3.1 on the 5.X branch, are vulnerable to Remote Code Execution via prototype pollution. An attacker can use this prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. This issue is patched in version 5.3.1 and in 4.10.18. There are no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21794 βΌ
π Read
via "National Vulnerability Database".
Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44089 βΌ
π Read
via "National Vulnerability Database".
ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component IS_GETCACHE.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28748 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2964. Reason: This candidate is a reservation duplicate of CVE-2022-2964. Notes: All CVE users should reference CVE-2022-2964 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38120 βΌ
π Read
via "National Vulnerability Database".
UPSMON PROΓ’β¬β’s has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication and access arbitrary system files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45196 βΌ
π Read
via "National Vulnerability Database".
Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34666 βΌ
π Read
via "National Vulnerability Database".
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37345 βΌ
π Read
via "National Vulnerability Database".
Improper authentication in BIOS firmware[A1] for some Intel(R) NUC Kits before version RY0386 may allow an authenticated user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3957 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28611 βΌ
π Read
via "National Vulnerability Database".
Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40750 βΌ
π Read
via "National Vulnerability Database".
IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236588.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36377 βΌ
π Read
via "National Vulnerability Database".
Incorrect default permissions in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36789 βΌ
π Read
via "National Vulnerability Database".
Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38099 βΌ
π Read
via "National Vulnerability Database".
Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36938 βΌ
π Read
via "National Vulnerability Database".
DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of a 3rd party Android APK file.π Read
via "National Vulnerability Database".
π1
β Dangerous SIM-swap lockscreen bypass β update Android now! β
π Read
via "Naked Security".
A bit like leaving the front door keys under the doormat...π Read
via "Naked Security".
Naked Security
Dangerous SIM-swap lockscreen bypass β update Android now!
A bit like leaving the front door keys under the doormatβ¦
π2
π΄ Quantum Cryptography Apocalypse: A Timeline and Action Plan π΄
π Read
via "Dark Reading".
Quantum computing's a clear threat to encryption, and post-quantum crypto means adding new cryptography to hardware and software without being disruptive.π Read
via "Dark Reading".
Dark Reading
Quantum Cryptography Apocalypse: A Timeline and Action Plan
Quantum computing's a clear threat to encryption, and post-quantum crypto means adding new cryptography to hardware and software without being disruptive.
π΄ Avatier Achieves ISO 27001 Certification for its Information Security Management System π΄
π Read
via "Dark Reading".
Designation recognizes highest caliber of information security.π Read
via "Dark Reading".
Dark Reading
Avatier Achieves ISO 27001 Certification for its Information Security Management System
Designation recognizes highest caliber of information security.
π΄ Privacy4Cars Secures Fourth Patent to Remove Privacy Information From Vehicles and Create Compliance Logs π΄
π Read
via "Dark Reading".
Data-deletion service's patent covers removing personal information such as geolocation, biometrics, and phone records from a vehicle by using a user-computing deviceπ Read
via "Dark Reading".
Dark Reading
Privacy4Cars Secures Fourth Patent to Remove Privacy Information From Vehicles and Create Compliance Logs
Data-deletion service's patent covers removing personal information such as geolocation, biometrics, and phone records from a vehicle by using a user-computing device
π1