‼ CVE-2022-44156 ‼
📖 Read
via "National Vulnerability Database".
Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45013 ‼
📖 Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44169 ‼
📖 Read
via "National Vulnerability Database".
Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetVirtualSer.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37332 ‼
📖 Read
via "National Vulnerability Database".
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing media player API, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44168 ‼
📖 Read
via "National Vulnerability Database".
Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic..📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32774 ‼
📖 Read
via "National Vulnerability Database".
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. By prematurely deleting objects associated with pages, a specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45470 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44163 ‼
📖 Read
via "National Vulnerability Database".
Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function formSetMacFilterCfg.📖 Read
via "National Vulnerability Database".
🕴 MIT Research Documents Effectiveness of Consensus Cyber Risk Oversight Principles 🕴
📖 Read
via "Dark Reading".
Organizations that use the consensus principles can significantly improve their cyber resilience without raising costs, MIT research shows.📖 Read
via "Dark Reading".
Dark Reading
MIT Research Documents Effectiveness of Consensus Cyber Risk Oversight Principles
Organizations that use the consensus principles can significantly improve their cyber resilience without raising costs, MIT research shows.
👍2
🕴 Time to Get Kids Hacking: Our 2022 Holiday Gift Guide 🕴
📖 Read
via "Dark Reading".
Check out our slideshow of 10 fun games and toys that teach programming principles, electronics, and engineering concepts to get kids ready to hack the planet.📖 Read
via "Dark Reading".
Dark Reading
Time to Get Kids Hacking: Our 2022 Holiday Gift Guide
Check out our slideshow of 10 fun games and toys that teach programming principles, electronics, and engineering concepts to get kids ready to hack the planet.
👍1
🕴 Major Security Breach From Business Users' Low-Code Apps Could Come in 2023, Analysts Warn 🕴
📖 Read
via "Dark Reading".
Here's what that means about our current state as an industry, and why we should be happy about it.📖 Read
via "Dark Reading".
Dark Reading
Major Security Breach From Business Users' Low-Code Apps Could Come in 2023, Analysts Warn
Here's what that means about our current state as an industry, and why we should be happy about it.
‼ CVE-2022-43117 ‼
📖 Read
via "National Vulnerability Database".
Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Name, Username, Description and Site Feature parameters.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44174 ‼
📖 Read
via "National Vulnerability Database".
Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function formSetDeviceName.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44183 ‼
📖 Read
via "National Vulnerability Database".
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetWifiGuestBasic.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44180 ‼
📖 Read
via "National Vulnerability Database".
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function addWifiMacFilter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44171 ‼
📖 Read
via "National Vulnerability Database".
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function form_fast_setting_wifi_set.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35897 ‼
📖 Read
via "National Vulnerability Database".
An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally locked (read-only) at the OS level and therefore an attack would require direct SPI modification. If an attacker can change the values of at least two variables out of three (SecureBootEnforce, SecureBoot, RestoreBootSettings), it is possible to execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44172 ‼
📖 Read
via "National Vulnerability Database".
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function R7WebsSecurityHandler.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44830 ‼
📖 Read
via "National Vulnerability Database".
Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38755 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prior to 4.3.1.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40746 ‼
📖 Read
via "National Vulnerability Database".
IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236581.📖 Read
via "National Vulnerability Database".