CVE-2022-36223
via "National Vulnerability Database".
In Emby Server 4.6.7.0, the playlist name field is vulnerable to stored XSS, through which it is possible to steal the administrator access token and flip or steal the media server administrator account.
CVE-2022-41962
via "National Vulnerability Database".
BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6, and 2.5-alpha-1 contain Incorrect Authorization for setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for other users. Moderators should only be able to set none as the status of other users. This issue is patched in 2.4-rc-6 and 2.5-alpha-1. There are no workarounds.
CVE-2022-46870
via "National Vulnerability Database".
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary JavaScript in other users' browsers. This issue affects Apache Zeppelin before 0.8.2. Users are recommended to upgrade to a supported version of Zeppelin.
CVE-2021-28655
via "National Vulnerability Database".
The improper Input Validation vulnerability in the "Move folder to Trash" feature of Apache Zeppelin allows an attacker to delete arbitrary files. This issue affects Apache Zeppelin version 0.9.0 and prior versions.
CVE-2022-4555
via "National Vulnerability Database".
The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This can be used to deactivate security plugins, which aids in exploiting other vulnerabilities.
S3 Ep113: Pwning the Windows kernel – the crooks who hoodwinked Microsoft [Audio + Text]
via "Naked Security".
Return o' the rootkit, super-sneaky wireless spyware, credit card skimming, and patches galore. Listen and learn!
Chinese APT Group MirrorFace Interferes in Japanese Elections
via "Dark Reading".
The MirrorFace group has deployed popular malware LodeInfo for spying and data theft against certain members of the Japanese House of Representatives.
Iran-Backed Charming Kitten APT Eyes Kinetic Ops, Kidnapping
via "Dark Reading".
The not-so-charming APT's intelligence-gathering initiatives are likely being used by the Iranian state to target kidnapping victims.
CVE-2022-20560
via "National Vulnerability Database".
Product: Android. Versions: Android kernel. Android ID: A-212623833. References: N/A
CVE-2022-20531
via "National Vulnerability Database".
In placeCall of TelecomManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-231988638
CVE-2022-20506
via "National Vulnerability Database".
In onCreate of WifiDialogActivity.java, there is a missing permission check. This could lead to local escalation of privilege from a guest user with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-226133034
CVE-2022-42504
via "National Vulnerability Database".
In CallDialReqData::encodeCallNumber of callreqdata.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-241232209. References: N/A
CVE-2022-20564
via "National Vulnerability Database".
In _ufdt_output_strtab_to_fdt of ufdt_convert.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-243798789. References: N/A
CVE-2022-47377
via "National Vulnerability Database".
Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13.4 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invoking the password recovery mechanism method. This leads to an increase in their privileges on the system, thereby affecting the confidentiality, integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.13.4 as soon as possible (available in SICK Support Portal).
CVE-2022-20547
via "National Vulnerability Database".
In multiple functions of AdapterService.java, there is a possible way to manipulate Bluetooth state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-240301753
CVE-2022-20530
via "National Vulnerability Database".
In strings.xml, there is a possible permission bypass due to a misleading string. This could lead to remote information disclosure of call logs with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-231585645
CVE-2022-20604
via "National Vulnerability Database".
In SAECOMM_SetDcnIdForPlmn of SAECOMM_DbManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure from a single device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-230463606. References: N/A
CVE-2022-42519
via "National Vulnerability Database".
In CdmaBroadcastSmsConfigsRequestData::encode of cdmasmsdata.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-242540694. References: N/A
CVE-2022-46137
via "National Vulnerability Database".
AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1.
CVE-2022-20568
via "National Vulnerability Database".
In (TBD) of (TBD), there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-220738351. References: Upstream kernel
CVE-2022-20602
via "National Vulnerability Database".
Product: Android. Versions: Android kernel. Android ID: A-211081867. References: N/A