CVE-2022-32631
In Wi-Fi, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453613; Issue ID: ALPS07453613.
via "National Vulnerability Database".
CVE-2022-32630
In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405966; Issue ID: ALPS07405966.
via "National Vulnerability Database".
CVE-2022-32628
In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310780; Issue ID: ALPS07310780.
via "National Vulnerability Database".
Ping of death! FreeBSD fixes crashtastic bug in network tool
It's a venerable program, and this version had a venerable bug in it.
via "Naked Security".
CVE-2022-3837
The Uji Countdown WordPress plugin through 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
via "National Vulnerability Database".
CVE-2022-3892
The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.2 does not sanitize and escape Client IDs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
via "National Vulnerability Database".
CVE-2022-3677
The Advanced Import WordPress plugin before 1.3.8 does not have a CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog, via CSRF attacks.
via "National Vulnerability Database".
CVE-2022-3838
The WPUpper Share Buttons WordPress plugin through 3.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
via "National Vulnerability Database".
CVE-2022-3249
The WP CSV Exporter WordPress plugin before 1.3.7 does not properly sanitise and escape some parameters before using them in a SQL statement, allowing high privilege users such as admin to perform SQL injection attacks.
via "National Vulnerability Database".
CVE-2022-3856
The Comic Book Management System WordPress plugin before 2.2.0 does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.
via "National Vulnerability Database".
CVE-2022-3846
The Workreap WordPress theme before 2.6.3 has a vulnerability in the notifications feature: it is possible to read any user's notification (employer or freelancer) because the notification ID is brute-forceable.
via "National Vulnerability Database".
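The fix for a brute-forceable object ID is not a harder-to-guess ID but an ownership check on every read. The handler below is an added example, not code from the Workreap theme; it assumes notifications are stored as posts of a hypothetical `wr_notification` post type whose `post_author` is the recipient, and the AJAX action and nonce names are likewise invented.

```php
<?php
// Added example (not Workreap code): return a notification only to its owner.
// Assumed storage: posts of type 'wr_notification', post_author = recipient user ID.

add_action( 'wp_ajax_example_get_notification', 'example_get_notification' );

function example_get_notification() {
    // wp_ajax_ hooks already exclude anonymous callers; the nonce additionally
    // ties the request to this user's own session rather than a forged one.
    check_ajax_referer( 'example_notification', 'nonce' );

    $id           = isset( $_REQUEST['id'] ) ? absint( $_REQUEST['id'] ) : 0;
    $notification = $id ? get_post( $id ) : null;

    // Vulnerable shape: returning $notification->post_content at this point,
    // keyed only by the integer ID, lets any logged-in user walk id=1,2,3,...
    // and read every employer's and freelancer's messages.

    if ( ! $notification
        || 'wr_notification' !== $notification->post_type
        || (int) $notification->post_author !== get_current_user_id() ) {
        // One response for "does not exist" and "not yours", so the endpoint
        // does not confirm which IDs are valid.
        wp_send_json_error( array( 'message' => 'Not found' ), 404 );
    }

    wp_send_json_success( array(
        'id'      => $notification->ID,
        'message' => wp_kses_post( $notification->post_content ),
    ) );
}
```

The ownership test compares the stored author against `get_current_user_id()` rather than against anything the client sent, and the 404 is returned for both the missing and the foreign case so enumeration yields nothing.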
CVE-2022-3830
The WP Page Builder WordPress plugin through 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
via "National Vulnerability Database".
CVE-2022-3926
The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4.2 does not have a CSRF check when regenerating secrets, which could allow attackers to make logged in admins regenerate the secret of an arbitrary client, given they know the client ID.
via "National Vulnerability Database".
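Both the Advanced Import issue (CVE-2022-3677, install and activate plugins) and this one (regenerate a client secret) are the same bug: a state-changing admin action reachable without a nonce. The handler below is an added example of the WordPress-native guard, not code from either plugin; the action name, option layout and `example_` functions are assumptions.

```php
<?php
// Added example (not WP OAuth Server or Advanced Import code): a state-changing
// admin action protected against CSRF. Names beginning with example_ are assumed.

// Vulnerable shape: any request carrying ?action=regen&client_id=... is acted on,
// so an admin who merely loads an attacker's page regenerates the secret:
//   add_action( 'admin_init', function () {
//       if ( isset( $_GET['action'], $_GET['client_id'] ) && 'regen' === $_GET['action'] ) {
//           example_regenerate_secret( $_GET['client_id'] );
//       }
//   } );

// Hardened: a dedicated admin-post handler that requires POST, a capability,
// and a nonce bound to the specific client being changed.
add_action( 'admin_post_example_regen_secret', 'example_handle_regen_secret' );

function example_handle_regen_secret() {
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        wp_die( 'POST required', '', array( 'response' => 405 ) );
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    $client_id = isset( $_POST['client_id'] )
        ? sanitize_text_field( wp_unslash( $_POST['client_id'] ) )
        : '';
    // The client ID is part of the nonce action, so a nonce minted for one
    // client's form cannot be replayed against another client.
    check_admin_referer( 'example_regen_secret_' . $client_id );

    example_regenerate_secret( $client_id );
    wp_safe_redirect( admin_url( 'admin.php?page=example-oauth&regenerated=1' ) );
    exit;
}

function example_regenerate_secret( $client_id ) {
    $clients = get_option( 'example_oauth_clients', array() );
    if ( ! isset( $clients[ $client_id ] ) ) {
        return false;
    }
    $clients[ $client_id ]['secret'] = wp_generate_password( 64, false, false );
    return update_option( 'example_oauth_clients', $clients );
}

// The form on the settings page that submits to the handler above.
function example_render_regen_form( $client_id ) {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_regen_secret">
        <input type="hidden" name="client_id" value="<?php echo esc_attr( $client_id ); ?>">
        <?php wp_nonce_field( 'example_regen_secret_' . $client_id ); ?>
        <?php submit_button( 'Regenerate secret', 'secondary', 'submit', false ); ?>
    </form>
    <?php
}
```

The capability check and the nonce check answer different questions (may this user do this at all, and did this user actually intend this request), so neither replaces the other; a missing nonce is exactly what lets a cross-site form drive an admin's browser.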
CVE-2022-3907
The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests, due to the usage of comparison operators to verify API keys against the ones stored in the site options.
via "National Vulnerability Database".
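The weakness is the comparison itself: PHP's string operators return as soon as one byte differs, so response time reveals how long the matching prefix is. The code below is an added example of the vulnerable check beside the constant-time one, not code from the Clerk plugin; the option name, request header and `/example/v1/` route are assumptions.

```php
<?php
// Added example (not Clerk code): validating a request API key against the one
// stored in the options table. Option, header and route names are assumed.

function example_get_request_key() {
    // Key travels in a request header; default to '' rather than null.
    return isset( $_SERVER['HTTP_X_EXAMPLE_API_KEY'] )
        ? (string) wp_unslash( $_SERVER['HTTP_X_EXAMPLE_API_KEY'] )
        : '';
}

// Vulnerable: == and === stop at the first differing byte, so response time grows
// with the length of the correct prefix and the key can be recovered one byte at a
// time. With == PHP also applies loose comparison, so numeric-looking strings such
// as "0e123" and "0e456" compare equal.
function example_validate_key_vulnerable( $supplied ) {
    $stored = (string) get_option( 'example_api_key', '' );
    return $supplied == $stored;
}

// Hardened: hash_equals() runs in time independent of where the strings differ.
// Hashing both sides first removes the length leak (both inputs are then 64 hex
// chars) and lets the site store a hash instead of the raw key if it wants to.
function example_validate_key( $supplied ) {
    $stored = (string) get_option( 'example_api_key', '' );
    if ( '' === $stored || '' === $supplied ) {
        return false; // an unset key must never validate an empty header
    }
    return hash_equals( hash( 'sha256', $stored ), hash( 'sha256', $supplied ) );
}

// Apply the check to every REST route under the assumed /example/v1/ namespace.
add_filter( 'rest_pre_dispatch', function ( $result, $server, $request ) {
    if ( 0 === strpos( $request->get_route(), '/example/v1/' )
        && ! example_validate_key( example_get_request_key() ) ) {
        return new WP_Error( 'rest_forbidden', 'Invalid API key', array( 'status' => 403 ) );
    }
    return $result;
}, 10, 3 );
```

`hash_equals()` is the PHP built-in for this purpose; the early return on an empty stored key is there because a site that never configured a key would otherwise accept any request that omits the header.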
CVE-2022-3858
The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeChat, Email, SMS, Call Button WordPress plugin before 3.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin.
via "National Vulnerability Database".
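This entry, CVE-2022-3249 (WP CSV Exporter) and CVE-2022-3856 (Comic Book Management System) all describe request parameters concatenated into SQL. The functions below are an added example of the interpolated query beside its `$wpdb->prepare()` form, not code from any of those plugins; the `example_widgets` table and its columns are assumptions.

```php
<?php
// Added example (not code from the plugins above): reading rows chosen by request
// parameters through $wpdb. Table and column names are assumed.

// Vulnerable: the parameter is spliced into the statement, so a value such as
//   1 OR 1=1
// or one ending in a comment marker changes the query the admin thought they ran.
function example_get_widget_vulnerable( $id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_widgets';
    // e.g. called as example_get_widget_vulnerable( $_GET['id'] )
    return $wpdb->get_row( "SELECT * FROM {$table} WHERE id = {$id}" );
}

// Hardened: prepare() binds the value through a typed placeholder. Placeholders
// cover values only, never identifiers, so the table name comes from the trusted
// $wpdb->prefix and the sort column below is whitelisted rather than interpolated.
function example_get_widget( $id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_widgets';
    return $wpdb->get_row(
        $wpdb->prepare( "SELECT * FROM {$table} WHERE id = %d", absint( $id ) )
    );
}

function example_search_widgets( $needle, $order_by ) {
    global $wpdb;
    $table   = $wpdb->prefix . 'example_widgets';
    $allowed = array( 'id', 'title', 'created' );
    $column  = in_array( $order_by, $allowed, true ) ? $order_by : 'id';

    // LIKE needs two steps: esc_like() neutralises % and _ inside the user value,
    // then prepare() quotes the result. The wildcards added here are ours.
    $pattern = '%' . $wpdb->esc_like( $needle ) . '%';
    return $wpdb->get_results(
        $wpdb->prepare(
            "SELECT id, title FROM {$table} WHERE title LIKE %s ORDER BY {$column} LIMIT %d",
            $pattern,
            50
        )
    );
}
```

The two things `prepare()` cannot do, quoting an identifier and escaping LIKE wildcards, are the two places where otherwise-parameterised WordPress code most often stays injectable, which is why the sort column is taken from a fixed list and the search term goes through `esc_like()` first.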
CVE-2022-3426
The Advanced WP Columns WordPress plugin through 2.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
via "National Vulnerability Database".
CVE-2022-3909
The Add Comments WordPress plugin through 1.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
via "National Vulnerability Database".
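Six entries on this page (CVE-2022-3837, 3892, 3838, 3830, 3426 and 3909) share one pattern: a setting is stored raw and echoed raw. The `unfiltered_html` clause matters because WordPress withholds that capability from site admins on multisite, so a plugin that does its own sanitising is expected to respect it. The code below is an added example of that, not code from any of the plugins; the option, setting group and `example_` names are assumptions.

```php
<?php
// Added example (not code from the plugins above): a plugin setting sanitised on
// save and escaped on output. Option, group and function names are assumed.

// Vulnerable shape: the raw POST value is stored and later echoed into the page,
// so an admin without unfiltered_html (e.g. a site admin on multisite) can still
// persist <script> in the setting, and everyone who renders it executes it.
//   update_option( 'example_button_label', $_POST['example_button_label'] );
//   echo '<button>' . get_option( 'example_button_label' ) . '</button>';

add_action( 'admin_init', function () {
    register_setting( 'example_options', 'example_button_label', array(
        'type'              => 'string',
        'sanitize_callback' => 'example_sanitize_label',
        'default'           => 'Share',
    ) );
} );

// Save side: decide by the same capability WordPress uses for post content.
// Holders of unfiltered_html may keep markup (reduced to post-safe tags here);
// everyone else is stored as plain text.
function example_sanitize_label( $value ) {
    $value = (string) $value;
    if ( current_user_can( 'unfiltered_html' ) ) {
        return wp_kses_post( $value );
    }
    return sanitize_text_field( $value );
}

// Output side: choose the escaper for the context each value lands in.
function example_render_button( $url ) {
    $label = get_option( 'example_button_label', 'Share' );
    printf(
        '<a class="example-share" href="%s" title="%s">%s</a>',
        esc_url( $url ),        // URL context
        esc_attr( $label ),     // attribute context: everything entity-encoded
        wp_kses_post( $label )  // HTML body: stored safe markup kept, the rest stripped
    );
}
```

Sanitising on save and escaping on output are both needed: the save-side filter is what enforces `unfiltered_html`, and the output-side escaper is what protects against whatever reached the database by another route (an older plugin version, a direct database edit, an import).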
CVE-2022-3694
The Syncee WordPress plugin before 1.0.10 leaks the administrator token, which can be used to take over the administrator's account.
via "National Vulnerability Database".
CVE-2022-1540
The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE.
via "National Vulnerability Database".
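An import feature only needs to accept the formats it can parse, and it should never let the client-supplied filename decide where the bytes land. The handler below is an added example, not code from the PostmagThemes Demo Import plugin; the form field, nonce action and accepted formats (XML and JSON) are assumptions.

```php
<?php
// Added example (not PostmagThemes code): accept an uploaded import file only if
// it is one of the formats the feature reads. Field and action names are assumed.

function example_handle_import_upload() {
    if ( ! current_user_can( 'import' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'example_import' );

    if ( empty( $_FILES['example_import']['tmp_name'] )
        || UPLOAD_ERR_OK !== $_FILES['example_import']['error'] ) {
        return new WP_Error( 'no_file', 'No file uploaded' );
    }
    $file = $_FILES['example_import'];

    // Vulnerable shape:
    //   move_uploaded_file( $file['tmp_name'], $uploads_dir . '/' . $file['name'] );
    // trusts the client-chosen name, so demo.php lands in a web-served directory
    // and is executed on the next request for it.

    // Explicit allow-list of extension => MIME type. wp_check_filetype_and_ext()
    // matches the extension against this list and, where the server's finfo can
    // tell, against the file's actual MIME type; anything else yields no 'ext'.
    $allowed = array( 'xml' => 'text/xml', 'json' => 'application/json' );
    $check   = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    if ( empty( $check['ext'] ) || ! isset( $allowed[ $check['ext'] ] ) ) {
        return new WP_Error( 'bad_type', 'Only .xml or .json imports are accepted' );
    }

    // Store outside any web-served path, under a name the server chose, with the
    // extension taken from the check rather than from the upload.
    $dest = trailingslashit( get_temp_dir() )
        . 'example-import-' . wp_generate_uuid4() . '.' . $check['ext'];
    if ( ! move_uploaded_file( $file['tmp_name'], $dest ) ) {
        return new WP_Error( 'move_failed', 'Could not store import file' );
    }
    return $dest; // caller parses it, then unlink()s it
}
```

Even with the allow-list, the file is written to the system temp directory rather than under `wp-content/uploads`, so a mistake in the type check still does not put an attacker-controlled file somewhere the web server will serve or execute.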
Cybersecurity Should Focus on Managing Risk
Preventing all data breaches is an unrealistic goal. Instead, focus on finding and minimizing the greatest risks.
via "Dark Reading".
Cyberattack Shuts Down French Hospital
Patients transferred and operations canceled following a recent network breach at a hospital in the outskirts of Paris.
via "Dark Reading".