CVE-2022-45668
via "National Vulnerability Database".
Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
CVE-2022-45645
via "National Vulnerability Database".
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceMac parameter in the addWifiMacFilter function.
CVE-2022-45646
via "National Vulnerability Database".
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeedUp parameter in the formSetClientState function.
CVE-2022-45649
via "National Vulnerability Database".
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the endIp parameter in the formSetPPTPServer function.
CVE-2022-3591
via "National Vulnerability Database".
Use After Free in GitHub repository vim/vim prior to 9.0.0789.
CVE-2022-46145
via "National Vulnerability Database".
authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified password recovery, this can be used to overwrite the email address of admin accounts and take over their accounts. authentik 2022.11.2 and 2022.10.2 fix this issue. As a workaround, a policy can be created and bound to the `default-user-settings-flow` flow with the contents `return request.user.is_authenticated`.
Newsroom Sues NSO Group for Pegasus Spyware Compromise
via "Dark Reading".
Journalists in El Salvador haul NSO Group to US court for illegal surveillance that ultimately compromised their safety.
Apple pushes out iOS security update that's more tight-lipped than ever
via "Naked Security".
We grabbed the update, based on no information at all, just in case we came across a reason to advise you not to. So far, so good...
LastPass admits to customer data breach caused by previous breach
via "Naked Security".
Seems that the developer account that the crooks breached last time gave indirect access to customer data this time round.
CVE-2022-44959
via "National Vulnerability Database".
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2022-3086
via "National Vulnerability Database".
An attacker with physical access to Moxa's bootloader versions of UC-8580 Series V1.1, UC-8540 Series V1.0 to V1.2, UC-8410A Series V2.2, UC-8200 Series V1.0 to V2.4, UC-8100A-ME-T Series V1.0 to V1.1, UC-8100 Series V1.2 to V1.3, UC-5100 Series V1.2, UC-3100 Series V1.2 to V2.0, UC-2100 Series V1.3 to V1.5, and UC-2100-W Series V1.3 to V1.5 can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device's authentication files to create a new user and gain full access to the system.
CVE-2022-44956
via "National Vulnerability Database".
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2022-44950
via "National Vulnerability Database".
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2022-44962
via "National Vulnerability Database".
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject field.
CVE-2022-44957
via "National Vulnerability Database".
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2022-44948
via "National Vulnerability Database".
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at /index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add".
CVE-2022-44291
via "National Vulnerability Database".
webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php.
CVE-2022-44945
via "National Vulnerability Database".
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter.
CVE-2022-44949
via "National Vulnerability Database".
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field.
CVE-2022-44960
via "National Vulnerability Database".
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchtype=simple. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field.
CVE-2022-44953
via "National Vulnerability Database".
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add".