βΌ CVE-2022-44898 βΌ
π Read
via "National Vulnerability Database".
The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted IOCTL requests.π Read
via "National Vulnerability Database".
βοΈ Microsoft Patch Tuesday, December 2022 Edition βοΈ
π Read
via "Krebs on Security".
Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day vulnerability in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week's Patch Tuesday.π Read
via "Krebs on Security".
Krebs on Security
Microsoft Patch Tuesday, December 2022 Edition
Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day vulnerability in a Windowsβ¦
β€1
π΄ Apple Zero-Day Actively Exploited on iPhone 15 π΄
π Read
via "Dark Reading".
Without many details, Apple patches a vulnerability that has been exploited in the wild to execute code.π Read
via "Dark Reading".
Dark Reading
Apple Zero-Day Actively Exploited on iPhone 15
Without many details, Apple patches a vulnerability that has been exploited in the wild to execute code.
π΄ CSAF Is the Future of Vulnerability Management π΄
π Read
via "Dark Reading".
Version 2.0 of the Common Security Advisory Framework will enable organizations to automate vulnerability remediation.π Read
via "Dark Reading".
Dark Reading
CSAF Is the Future of Vulnerability Management
Version 2.0 of the Common Security Advisory Framework will enable organizations to automate vulnerability remediation.
π΄ Microsoft-Signed Malicious Drivers Usher In EDR-Killers, Ransomware π΄
π Read
via "Dark Reading".
Malicious Windows drivers signed as legit by Microsoft have been spotted as part of a toolkit used to kill off security processes in post-exploitation cyber activity.π Read
via "Dark Reading".
Dark Reading
Microsoft-Signed Malicious Drivers Usher In EDR-Killers, Ransomware
Malicious Windows drivers signed as legit by Microsoft have been spotted as part of a toolkit used to kill off security processes in post-exploitation cyber activity.
π1
βΌ CVE-2022-46071 βΌ
π Read
via "National Vulnerability Database".
There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46074 βΌ
π Read
via "National Vulnerability Database".
Helmet Store Showroom 1.0 is vulnerable to Cross Site Request Forgery (CSRF). An unauthenticated user can add an admin account due to missing CSRF protection.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23519 βΌ
π Read
via "National Vulnerability Database".
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both "math" and "style" elements, or allow both "svg" and "style" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include "math" or "svg" and "style" should either upgrade or use the following workaround immediately: Remove "style" from the overridden allowed tags, or remove "math" and "svg" from the overridden allowed tags.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23527 βΌ
π Read
via "National Vulnerability Database".
mod_auth_openidc is an OpenID CertifiedΓ’βΒ’ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /\t, leading to an open redirect. This issue has been patched in version 2.4.12.2. Users unable to upgrade can mitigate the issue by configuring mod_auth_openidc to only allow redirection when the destination matches a given regular expression with OIDCRedirectURLsAllowed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46123 βΌ
π Read
via "National Vulnerability Database".
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/manage_category.php?id=.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46073 βΌ
π Read
via "National Vulnerability Database".
Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting (XSS).π Read
via "National Vulnerability Database".
βΌ CVE-2022-46126 βΌ
π Read
via "National Vulnerability Database".
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/brands/manage_brand.php?id=.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46120 βΌ
π Read
via "National Vulnerability Database".
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/view_product&id=.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44910 βΌ
π Read
via "National Vulnerability Database".
Binbloom 2.0 was discovered to contain a heap buffer overflow via the read_pointer function at /binbloom-master/src/helpers.c.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46072 βΌ
π Read
via "National Vulnerability Database".
Helmet Store Showroom v1.0 vulnerable to unauthenticated SQL Injection.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46119 βΌ
π Read
via "National Vulnerability Database".
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=categories&c=.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46127 βΌ
π Read
via "National Vulnerability Database".
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/classes/Master.php?f=delete_product.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46443 βΌ
π Read
via "National Vulnerability Database".
mesinkasir Bangresto 1.0 is vulnberable to SQL Injection via the itemqty%5B%5D parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46124 βΌ
π Read
via "National Vulnerability Database".
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=user/manage_user&id=.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23518 βΌ
π Read
via "National Vulnerability Database".
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46117 βΌ
π Read
via "National Vulnerability Database".
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=view_product&id=.π Read
via "National Vulnerability Database".