‼ CVE-2022-41942 ‼
via "National Vulnerability Database".
Sourcegraph is a code intelligence platform. In versions prior to 4.1.0, a command injection vulnerability existed in the gitserver service, which is present in all Sourcegraph deployments. It was caused by a lack of input validation on the host parameter of the `/list-gitolite` endpoint: a crafted request to gitserver could execute commands inside the container. Successful exploitation requires the ability to send local requests to gitserver. The issue is patched in version 4.1.0.
‼ CVE-2022-41943 ‼
via "National Vulnerability Database".
Sourcegraph is a code intelligence platform. As a site admin, it was possible to execute arbitrary commands on gitserver when the experimental `customGitFetch` feature was enabled. This experimental feature is now disabled by default. The issue has been patched in version 4.1.0.
‼ CVE-2022-3500 ‼
via "National Vulnerability Database".
A vulnerability was found in Keylime. In some circumstances, because of improperly handled exceptions, a rogue agent could cause errors on the verifier that stop further attestation attempts for that host, leaving it recorded as attested while it is no longer actually being verified.
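The failure mode described above, as an added example that is not Keylime's code: a constructed verifier polling loop in Python in which an exception raised while handling one agent's quote ends the whole loop, so the rogue host and every host after it silently keep their previous "attested" state, next to a hardened loop that scopes the error to the offending agent, stops reporting it as attested, and marks it failed after repeated errors. `AgentRecord`, `constructed_quotes` and the `pcr_hash` field are assumptions made for the illustration, not Keylime's schema.

```python
import logging
from dataclasses import dataclass, field
from typing import Callable, Dict, List

log = logging.getLogger("verifier")


@dataclass
class AgentRecord:
    """Constructed model of the verifier's view of one host (not Keylime's real schema)."""
    agent_id: str
    state: str = "attested"            # previously attested; attested | unknown | failed
    consecutive_errors: int = 0
    history: List[str] = field(default_factory=list)


def fragile_verify_all(agents: Dict[str, AgentRecord],
                       fetch_quote: Callable[[str], dict]) -> None:
    """Fragile shape: an exception raised while handling one agent's quote escapes the loop.
    Agents after the bad one are never re-checked, and every agent keeps its old state."""
    for aid, rec in agents.items():
        quote = fetch_quote(aid)                  # a rogue agent controls this input
        rec.history.append(quote["pcr_hash"])     # KeyError if the field is missing
        rec.state = "attested"


def robust_verify_all(agents: Dict[str, AgentRecord],
                      fetch_quote: Callable[[str], dict],
                      max_errors: int = 3) -> None:
    """Hardened shape: errors are scoped to the agent that caused them, logged and counted;
    the agent stops being reported as attested, and after max_errors it is marked failed."""
    for aid, rec in agents.items():
        try:
            quote = fetch_quote(aid)
            rec.history.append(quote["pcr_hash"])
            rec.state = "attested"
            rec.consecutive_errors = 0
        except Exception as exc:  # broad on purpose: no agent-induced error may stop the loop
            rec.consecutive_errors += 1
            log.warning("agent %s: verification error: %r (%d/%d)",
                        aid, exc, rec.consecutive_errors, max_errors)
            rec.state = "failed" if rec.consecutive_errors >= max_errors else "unknown"


def constructed_quotes(aid: str) -> dict:
    """Constructed sample responses: the agent named 'rogue' returns a malformed quote."""
    if aid == "rogue":
        return {"nonce": "abc"}                   # no pcr_hash field
    return {"nonce": "abc", "pcr_hash": "sha256:" + aid}


def demo() -> dict:
    names = ["good-1", "rogue", "good-2"]

    agents = {a: AgentRecord(a) for a in names}
    try:
        fragile_verify_all(agents, constructed_quotes)
    except KeyError:
        pass                                      # the loop died; nothing after 'rogue' ran
    fragile = {a: (r.state, len(r.history)) for a, r in agents.items()}

    agents = {a: AgentRecord(a) for a in names}
    for _ in range(3):                            # three verification rounds
        robust_verify_all(agents, constructed_quotes)
    robust = {a: (r.state, len(r.history)) for a, r in agents.items()}
    return {"fragile": fragile, "robust": robust}
```

The point of the `(state, checks)` pairs returned by `demo()` is that in the fragile run "rogue" and "good-2" both still read "attested" with zero successful checks, which is exactly the "attested but no longer verified" condition the advisory describes; the hardened run leaves the good agents attested with three checks each and the rogue agent failed.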
‼ CVE-2022-39199 ‼
via "National Vulnerability Database".
immudb is a database with built-in cryptographic proof and verification. immudb client SDKs use the server's UUID to distinguish between server instances, so that a client can connect to several immudb instances and keep separate state for each. The SDK does not validate this UUID and accepts any value reported by the server. A malicious server can therefore change its reported UUID, tricking the client into treating it as a different server and accepting a state that is unrelated to the one previously retrieved and verified. This issue has been patched in version 1.4.1. As a workaround, a custom state handler can be supplied when initializing an immudb client object; an implementation that ignores the server UUID ensures that the client keeps treating the server as the same instance even if the UUID changes.
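A model of the state-handler problem, as an added example that is not immudb's SDK (the `StateStore` interface, the toy hash chain standing in for immudb's Merkle proofs, and the server names are constructed). The client keeps the last verified state per server and requires every new state to extend it; the only difference between the two runs is whether the stored state is looked up by the server-reported UUID or by the client's own connection name, which is the workaround the advisory describes.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List

GENESIS = b"\x00" * 32


def chain(root: bytes, entries: List[bytes]) -> bytes:
    """Toy hash chain standing in for immudb's consistency proof (constructed, not immudb's)."""
    for e in entries:
        root = hashlib.sha256(root + e).digest()
    return root


@dataclass(frozen=True)
class ServerState:
    uuid: str      # reported by the server, so attacker-controlled
    tx_id: int
    root: bytes


class StateStore:
    """Modelled client-side state handler (not the SDK's real interface).
    key_by_uuid=True  -> vulnerable: trust anchor looked up by the server-reported UUID.
    key_by_uuid=False -> workaround: keyed by the client's connection name, UUID ignored."""

    def __init__(self, key_by_uuid: bool) -> None:
        self.key_by_uuid = key_by_uuid
        self._states: Dict[str, ServerState] = {}

    def _key(self, conn_name: str, st: ServerState) -> str:
        return st.uuid if self.key_by_uuid else conn_name

    def verify_and_store(self, conn_name: str, new: ServerState, proof: List[bytes]) -> bool:
        old = self._states.get(self._key(conn_name, new))
        if old is not None:
            # The new state must extend the one we already verified.
            if new.tx_id < old.tx_id or chain(old.root, proof) != new.root:
                return False
        # First contact is trust-on-first-use: there is nothing to check against yet.
        self._states[self._key(conn_name, new)] = new
        return True


def scenario(key_by_uuid: bool) -> Dict[str, bool]:
    store = StateStore(key_by_uuid)
    entries = [f"tx{i}".encode() for i in range(1, 6)]
    r5 = chain(GENESIS, entries)
    first = store.verify_and_store("prod", ServerState("srv-A", 5, r5), [])

    # Honest server appends tx 6 and proves it from the root the client already holds.
    e6 = b"tx6"
    honest = store.verify_and_store("prod", ServerState("srv-A", 6, chain(r5, [e6])), [e6])

    # Malicious server serves a forked history (different genesis, no link to r5) and
    # reports a fresh UUID so that a UUID-keyed client has no prior state to compare.
    fork = [b"x1", b"x2"]
    forged_root = chain(b"forged-genesis", fork)
    forged = store.verify_and_store("prod", ServerState("srv-B", 7, forged_root), fork)
    return {"first_contact": first, "honest_update": honest, "forged_history_accepted": forged}
```

Keying the anchor by something the peer controls turns trust-on-first-use into trust-on-every-use: the server only has to claim to be a new peer. Keying by a client-chosen name, or validating the UUID against what was seen on first contact, keeps the anchor in the client's hands.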
‼ CVE-2022-39397 ‼
via "National Vulnerability Database".
aliyun-oss-client is a Rust client for Alibaba Cloud OSS. Users of this library are affected: the secret passed in to the client can be disclosed unintentionally. This issue has been patched in version 0.8.1.
‼ CVE-2022-45330 ‼
via "National Vulnerability Database".
AeroCMS v0.0.1 was discovered to contain a SQL injection vulnerability via the Category parameter at \category.php. This vulnerability allows attackers to access database information.
‼ CVE-2022-45536 ‼
via "National Vulnerability Database".
AeroCMS v0.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at \admin\post_comments.php. This vulnerability allows attackers to access database information.
‼ CVE-2022-45331 ‼
via "National Vulnerability Database".
AeroCMS v0.0.1 was discovered to contain a SQL injection vulnerability via the p_id parameter at \post.php. This vulnerability allows attackers to access database information.
‼ CVE-2022-45529 ‼
via "National Vulnerability Database".
AeroCMS v0.0.1 was discovered to contain a SQL injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. This vulnerability allows attackers to access database information.
‼ CVE-2022-45535 ‼
via "National Vulnerability Database".
AeroCMS v0.0.1 was discovered to contain a SQL injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information.
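The five AeroCMS reports above (CVE-2022-45330, -45536, -45331, -45529, -45535) share one defect: a request parameter concatenated into a SQL string. As an added example that is not AeroCMS code (the schema and column names are constructed guesses, and SQLite stands in for the site's database), here is the vulnerable shape next to the parameterized fix, exercised with a tautology payload and a UNION payload that reads the schema, which is what "access database information" looks like in practice.

```python
import sqlite3
from typing import List, Tuple

SCHEMA = """
CREATE TABLE posts (
    post_id          INTEGER PRIMARY KEY,
    post_category_id INTEGER,
    post_title       TEXT,
    post_status      TEXT
);
INSERT INTO posts VALUES (1, 1, 'Public post',       'published');
INSERT INTO posts VALUES (2, 1, 'Unpublished draft', 'draft');
INSERT INTO posts VALUES (3, 2, 'Other category',    'published');
"""


def make_db() -> sqlite3.Connection:
    """Constructed sample schema; column names are guesses, not AeroCMS's real tables."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def posts_vulnerable(conn: sqlite3.Connection, p_id: str) -> List[Tuple]:
    """The bug shape: the request parameter is pasted straight into the SQL text."""
    sql = ("SELECT post_id, post_title FROM posts WHERE post_id = '" + p_id
           + "' AND post_status = 'published'")
    return conn.execute(sql).fetchall()


def posts_safe(conn: sqlite3.Connection, p_id: str) -> List[Tuple]:
    """The fix: the value is bound as a parameter and cannot alter the query's structure."""
    sql = "SELECT post_id, post_title FROM posts WHERE post_id = ? AND post_status = 'published'"
    return conn.execute(sql, (p_id,)).fetchall()


def demo() -> dict:
    conn = make_db()
    tautology = "' OR 1=1 --"                                   # '--' comments out the status filter
    union = "' UNION SELECT name, sql FROM sqlite_master --"    # appends the schema to the result
    return {
        "normal_vuln": posts_vulnerable(conn, "1"),
        "normal_safe": posts_safe(conn, "1"),
        "tautology_vuln": posts_vulnerable(conn, tautology),
        "tautology_safe": posts_safe(conn, tautology),
        "union_vuln": posts_vulnerable(conn, union),
        "union_safe": posts_safe(conn, union),
    }
```

The tautology returns the unpublished draft along with everything else, and the UNION returns a row whose first column is the table name and whose second is its `CREATE TABLE` statement; the parameterized query returns nothing for either payload because the whole string is compared as a value against `post_id`.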
🕴 Cybersecurity Pros Put Mastodon Flaws Under the Microscope 🕴
via "Dark Reading".
As the open source social media network blows up due to Twitter's troubles, researchers caution about vulnerabilities within the application.
🕴 Adversarial AI Attacks Highlight Fundamental Security Issues 🕴
via "Dark Reading".
An AI's "world" only includes the data on which it was trained, so it otherwise lacks context, opening the door for creative attacks from cyber adversaries.
‼ CVE-2022-37772 ‼
via "National Vulnerability Database".
Maarch RM 2.8.3 does not properly restrict excessive authentication attempts, and the application's responses are excessively verbose. An unauthenticated remote attacker could combine the two to brute-force logins, potentially leading to compromised accounts.
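An added example (not Maarch's code) of the two controls the report implies are missing: a failed-attempt lockout and a single, uninformative error message. The threshold, lockout period, account names and the fake clock are constructed for the illustration.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Callable, Dict, Tuple

MAX_FAILURES = 5                         # assumption: lock after five consecutive failures
LOCKOUT_SECONDS = 900                    # assumption: fifteen-minute lockout
GENERIC_ERROR = "Invalid credentials"    # one message for unknown user, wrong password and locked


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    failures: int = 0
    locked_until: float = 0.0


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthService:
    def __init__(self, now: Callable[[], float] = time.time) -> None:
        self.accounts: Dict[str, Account] = {}
        self.now = now
        self._dummy_salt = os.urandom(16)       # so unknown users cost the same time as known ones

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[user] = Account(salt, _hash(password, salt))

    def login(self, user: str, password: str) -> Tuple[bool, str]:
        acct = self.accounts.get(user)
        if acct is None:
            _hash(password, self._dummy_salt)   # same work, so timing does not reveal valid usernames
            return False, GENERIC_ERROR
        if acct.locked_until > self.now():
            return False, GENERIC_ERROR          # locked, but saying so would confirm the account exists
        if hmac.compare_digest(_hash(password, acct.salt), acct.pw_hash):
            acct.failures = 0
            return True, "ok"
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            acct.locked_until = self.now() + LOCKOUT_SECONDS
            acct.failures = 0
        return False, GENERIC_ERROR


def demo() -> Dict[str, Tuple[bool, str]]:
    clock = [1_700_000_000.0]                   # fake clock so the lockout can be advanced
    svc = AuthService(now=lambda: clock[0])
    svc.register("alice", "correct horse battery staple")
    out = {}
    out["correct_before_lockout"] = svc.login("alice", "correct horse battery staple")
    out["unknown_user"] = svc.login("mallory", "anything")
    out["wrong_password"] = svc.login("alice", "wrong")
    for _ in range(MAX_FAILURES - 1):            # remaining guesses needed to hit the threshold
        svc.login("alice", "wrong")
    out["correct_while_locked"] = svc.login("alice", "correct horse battery staple")
    clock[0] += LOCKOUT_SECONDS + 1
    out["correct_after_lockout"] = svc.login("alice", "correct horse battery staple")
    return out
```

A per-account lockout is itself a denial-of-service lever (anyone can lock "alice" out by guessing wrong five times), so in practice it is paired with per-source rate limiting or progressive delays rather than used alone; the uniform error message is the part that cannot be traded off.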
‼ CVE-2022-37429 ‼
via "National Vulnerability Database".
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via a JavaScript payload in the href attribute of a link, by splitting a `javascript:` URL with whitespace characters so that the scheme check does not recognise it.
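The whitespace-splitting bypass above, as an added example that is not Silverstripe's filter: a naive prefix check on the raw `href` is defeated by a tab inside the scheme or a leading newline, because browsers remove ASCII tab, LF and CR from a URL and strip leading and trailing control characters and spaces before they parse the scheme. The hardened check applies that same normalisation first and then allowlists the scheme. `SAFE_SCHEMES` and the payload list are constructed for the illustration.

```python
import re
from typing import Dict, Tuple
from urllib.parse import urlsplit

SAFE_SCHEMES = {"http", "https", "mailto", "tel"}     # assumption: what this site wants to allow

# Per the WHATWG URL parser, browsers strip leading/trailing C0 controls and space,
# and remove ASCII tab, LF and CR anywhere in the input, before reading the scheme.
_STRIP_CHARS = "".join(chr(c) for c in range(0x21))  # U+0000..U+0020
_TAB_NL_CR = re.compile(r"[\t\n\r]")


def naive_is_safe(href: str) -> bool:
    """Check of the kind the advisory describes as bypassable: reads the raw string."""
    return not href.lower().startswith("javascript:")


def normalise(href: str) -> str:
    """Apply the browser's pre-parse normalisation so we judge what it will actually run.
    HTML entity decoding must already have happened; that is the HTML parser's job."""
    return _TAB_NL_CR.sub("", href.strip(_STRIP_CHARS))


def hardened_is_safe(href: str) -> bool:
    """Allowlist the scheme after normalisation; relative URLs (no scheme) are fine."""
    try:
        scheme = urlsplit(normalise(href)).scheme.lower()
    except ValueError:
        return False                                  # unparsable input is not a safe link
    return scheme == "" or scheme in SAFE_SCHEMES


def demo() -> Dict[str, Tuple[bool, bool]]:
    """Returns {payload: (naive verdict, hardened verdict)} for constructed inputs."""
    payloads = [
        "javascript:alert(1)",
        "java\tscript:alert(1)",     # scheme split with a tab, as in the advisory
        "\njavascript:alert(1)",     # leading newline
        "JaVaScRiPt:alert(1)",
        "data:text/html,x",          # blocklists forget this one; an allowlist does not
        "https://example.com/",
        "/relative/path",
    ]
    return {p: (naive_is_safe(p), hardened_is_safe(p)) for p in payloads}
```

Two design points: normalise before checking, and allowlist rather than blocklist, since a blocklist has to enumerate every dangerous scheme (`javascript:`, `data:`, `vbscript:`) and every encoding trick for each.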
‼ CVE-2020-23587 ‼
via "National Vulnerability Database".
A vulnerability in the OPTILINK OP-XT71000N (Hardware Version V2.2, Firmware Version OP_V3.3.1-191028) allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack that adds new routes in RoutingConfiguration via "/routing.asp", which can be used to set up a man-in-the-middle position.
‼ CVE-2020-23590 ‼
via "National Vulnerability Database".
A vulnerability in the OPTILINK OP-XT71000N (Hardware Version V2.2, Firmware Version OP_V3.3.1-191028) allows an unauthenticated remote attacker to conduct a cross-site request forgery (CSRF) attack to change the "WLAN SSID" password through "wlwpa.asp".
‼ CVE-2022-37421 ‼
via "National Vulnerability Database".
Silverstripe silverstripe/cms through 4.11.0 allows XSS.
‼ CVE-2020-23593 ‼
via "National Vulnerability Database".
A vulnerability in the OPTILINK OP-XT71000N (Hardware Version V2.2, Firmware Version OP_V3.3.1-191028) allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack that enables syslog mode through "/mgm_log_cfg.asp". With "Remote" or "Both" mode set on the "Syslog -- Configuration" page, the device logs events and sends them to the configured remote syslog server IP and port.
‼ CVE-2020-23584 ‼
via "National Vulnerability Database".
Unauthenticated remote code execution in the OPTILINK OP-XT71000N (Hardware Version V2.2) occurs when the attacker passes arbitrary commands, separated from the IP address with " | ", in the "PingTest" parameter of "/diag_tracert_admin.asp"; the injected commands are executed on the device.
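CVE-2022-41942 above (Sourcegraph, the host parameter of `/list-gitolite`) and CVE-2020-23584 (OPTILINK, the "PingTest" parameter) are the same bug in two products: a network target taken from a request reaches a command without validation. As an added example that is neither project's code, here is the check a practitioner would put in front of such a call: accept only an IP literal or a syntactically valid hostname, optionally require membership in a configured allowlist, and hand the value to the tool as one argv element rather than through a shell. `traceroute` as the tool name, `host_allowed`'s allowlist and the payload list are assumptions made for the illustration.

```python
import ipaddress
import re
import subprocess
from typing import Iterable, List

# One DNS label: 1-63 chars, letters/digits/hyphen, not starting or ending with a hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_valid_target(value: str) -> bool:
    """Accept an IP literal (v4 or v6) or a hostname. Everything else, including spaces,
    shell metacharacters and option-like strings starting with '-', is rejected."""
    if not value or len(value) > 253:
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    return all(_LABEL.match(label) for label in value.rstrip(".").split("."))


def host_allowed(host: str, configured_hosts: Iterable[str]) -> bool:
    """Stronger control when the legitimate set is known (e.g. hosts from site config):
    syntactic validity plus allowlist membership, compared case-insensitively."""
    def norm(h: str) -> str:
        return h.lower().rstrip(".")
    return is_valid_target(host) and norm(host) in {norm(h) for h in configured_hosts}


def build_tracert_argv(target: str) -> List[str]:
    """argv list for the diagnostic, never a shell string. Raises on anything invalid."""
    if not is_valid_target(target):
        raise ValueError(f"refusing target {target!r}")
    # '--' ends option parsing for getopt-style tools; validation already rejects a leading
    # '-', so this is defence in depth. 'traceroute' is an assumed tool name.
    return ["traceroute", "--", target]


def run_tracert(target: str, timeout: float = 30.0) -> str:
    """Runs the validated argv without a shell (shell=False is the default). Not exercised
    by demo() so the example stays offline."""
    proc = subprocess.run(build_tracert_argv(target), capture_output=True, text=True,
                          timeout=timeout, check=False)
    return proc.stdout


def demo() -> dict:
    """Classifies constructed inputs; True means the value may reach the command."""
    payloads = [
        "8.8.8.8", "git.example.com", "2001:db8::1",      # legitimate
        "8.8.8.8 | id",                                   # the ' | ' form from CVE-2020-23584
        "8.8.8.8;reboot", "$(id)", "`id`",                # other shell metacharacters
        "-oProxyCommand=id",                              # option injection into ssh-style tools
        "",
    ]
    return {p: is_valid_target(p) for p in payloads}
```

Note that the argv form alone is not enough: without validation, a value beginning with `-` is still parsed by the target program as an option, which for an ssh-based gitolite listing is a different road to command execution. Validation and argv together close both.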
‼ CVE-2022-38147 ‼
via "National Vulnerability Database".
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3).
‼ CVE-2020-23592 ‼
via "National Vulnerability Database".
A vulnerability in the OPTILINK OP-XT71000N (Hardware Version V2.2, Firmware Version OP_V3.3.1-191028) allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack that resets the ONU to factory defaults through "/mgm_dev_reset.asp". Resetting to defaults leads to escalation of privileges by logging in with the default credentials.
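The four OPTILINK CSRF reports above (routing, WLAN password, syslog, factory reset) come down to state-changing requests that are accepted on the strength of the browser-attached session alone. As an added example that is not the device's firmware (the origin, session object, form fields and attacker site are constructed), here is the handler shape behind the reports next to one that checks the request's Origin/Referer and a per-session synchronizer token before touching configuration.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

ALLOWED_ORIGIN = "https://192.0.2.1"   # constructed: the device's own origin


@dataclass
class Session:
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    method: str
    headers: Dict[str, str]
    form: Dict[str, str]
    session: Optional[Session]      # set when the browser sent a valid session cookie


def vulnerable_set_wlan_psk(req: Request, config: Dict[str, str]) -> bool:
    """The pattern behind the reports: a logged-in cookie is the only check, so any page the
    victim's browser visits can submit this form with the victim's session attached."""
    if req.method != "POST" or req.session is None:
        return False
    config["wlan_psk"] = req.form["wlan_psk"]
    return True


def check_csrf(req: Request) -> Tuple[bool, str]:
    if req.method in ("GET", "HEAD", "OPTIONS"):
        return True, "safe method"      # these must never change state in the first place
    if req.session is None:
        return False, "no session"
    # 1. Origin check: a form posted from another site carries that site's Origin (or Referer).
    #    A missing header is rejected too; on a device admin UI that is the safer default.
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    if origin != ALLOWED_ORIGIN and not origin.startswith(ALLOWED_ORIGIN + "/"):
        return False, "bad origin"
    # 2. Synchronizer token: the form must carry the per-session secret, which a cross-site
    #    page cannot read. Compared in constant time.
    sent = req.form.get("csrf_token", "")
    if not hmac.compare_digest(sent, req.session.csrf_token):
        return False, "bad token"
    return True, "ok"


def hardened_set_wlan_psk(req: Request, config: Dict[str, str]) -> Tuple[bool, str]:
    if req.method != "POST":
        return False, "method not allowed"   # state changes only via POST
    ok, why = check_csrf(req)
    if ok:
        config["wlan_psk"] = req.form["wlan_psk"]
    return ok, why


def demo() -> dict:
    sess = Session()
    legit = Request("POST", {"Origin": ALLOWED_ORIGIN},
                    {"wlan_psk": "new-psk", "csrf_token": sess.csrf_token}, sess)
    forged = Request("POST", {"Origin": "https://attacker.example"},
                     {"wlan_psk": "attacker-psk"}, sess)   # browser attached the victim's session
    same_origin_no_token = Request("POST", {"Referer": ALLOWED_ORIGIN + "/wlwpa.asp"},
                                   {"wlan_psk": "x"}, sess)
    vuln_cfg, hard_cfg = {"wlan_psk": "old"}, {"wlan_psk": "old"}
    return {
        "forged_vulnerable": vulnerable_set_wlan_psk(forged, vuln_cfg),
        "vuln_psk_after": vuln_cfg["wlan_psk"],
        "legit_hardened": hardened_set_wlan_psk(legit, hard_cfg),
        "forged_hardened": hardened_set_wlan_psk(forged, hard_cfg),
        "no_token_hardened": hardened_set_wlan_psk(same_origin_no_token, hard_cfg),
        "hard_psk_after": hard_cfg["wlan_psk"],
    }
```

The token is the primary control and the origin check is defence in depth; the same two checks in front of "/routing.asp", "/mgm_log_cfg.asp" and "/mgm_dev_reset.asp" would close the other three reports as well. Setting the session cookie with `SameSite=Strict` (or at least `Lax`) removes the forged request before it reaches the handler, but an embedded device cannot rely on every client browser honouring it.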