CVE-2022-4403
via "National Vulnerability Database".
A vulnerability classified as critical was found in SourceCodester Canteen Management System. This vulnerability affects unknown code of the file ajax_represent.php. The manipulation of the argument customer_id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215272.
CVE-2022-4409
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
CVE-2022-44031
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields.
CVE-2022-45759
SENS v1.0 has a file upload vulnerability.
CVE-2022-44637
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user.
CVE-2022-45758
SENS v1.0 is vulnerable to Cross Site Scripting (XSS) via com.liuyanzhao.sens.web.controller.admin, getRegister.
CVE-2022-45227
The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https://10.10.20.74/lib/. This address has a backup file which can be downloaded without any authentication.
CVE-2022-25836
Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing with the pairing Responder and brute forces the Passkey entered by the user into the Initiator. The MITM attacker can use the identified Passkey value to complete authentication with the Responder via Bluetooth pairing method confusion.
CVE-2022-31596
Under certain conditions, an attacker authenticated as a CMS administrator and with high-privilege access to the network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access the BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted. Also, a potential attack could be used to leave the CMS's scope and impact the database. A successful attack could have a low impact on confidentiality, a high impact on integrity, and a low impact on availability.
CVE-2022-45760
SENS v1.0 is vulnerable to an Incorrect Access Control vulnerability.
CVE-2022-45228
Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the logout page.
CVE-2022-25837
Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing if the MITM negotiates BR/EDR Secure Simple Pairing in Secure Connections mode using the Passkey association model with the pairing Initiator and BR/EDR Legacy PIN code pairing with the pairing Responder and brute forces the Passkey entered by the user into the Responder as a 6-digit PIN code. The MITM attacker can use the identified PIN code value as the Passkey value to complete authentication with the Initiator via Bluetooth pairing method confusion.
CVE-2022-45756
SENS v1.0 is vulnerable to Cross Site Scripting (XSS).
CVE-2022-3485
In IFM Moneo Appliance with version up to 1.9.3, an unauthenticated remote attacker can reset the administrator password by only supplying the serial number.
Trilio Raises $17M, Appoints Massood Zarrabian as CEO
via "Dark Reading".
Funding and new leadership to drive innovation and growth in cloud-native application resiliency; round led by SKK Ventures with T-Mobile and Telefonica.
CVE-2022-37923
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system, leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.
CVE-2022-37925
A vulnerability within the web-based management interface of Aruba EdgeConnect Enterprise could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.
CVE-2022-37908
An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller.
CVE-2022-37912
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
CVE-2022-37897
There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2022-37900
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.