‼ CVE-2022-3109 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the FFmpeg through 3.0. vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause the null pointer dereference, impacting confidentiality and availability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20516 ‼
📖 Read
via "National Vulnerability Database".
In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224002331📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20561 ‼
📖 Read
via "National Vulnerability Database".
In TBD of aud_hal_tunnel.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222162870References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20591 ‼
📖 Read
via "National Vulnerability Database".
In ppmpu_set of ppmpu.c, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238939706References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20596 ‼
📖 Read
via "National Vulnerability Database".
In sendChunk of WirelessCharger.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239700400References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44469 ‼
📖 Read
via "National Vulnerability Database".
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.📖 Read
via "National Vulnerability Database".
🗓️ Deserialized web security roundup – Fortinet, Citrix bugs; another Uber breach; hacking NFTs at Black Hat 🗓️
📖 Read
via "The Daily Swig".
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Deserialized web security roundup – Fortinet, Citrix bugs; another Uber breach; hacking NFTs at Black Hat
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
🕴 Organizations Unprepared for Upcoming Data Privacy Regulations 🕴
📖 Read
via "Dark Reading".
A comprehensive data privacy program requires involvement from all parts of the business that deal with personal data.📖 Read
via "Dark Reading".
Dark Reading
Organizations Unprepared for Upcoming Data Privacy Regulations
A comprehensive data privacy program requires involvement from all parts of the business that deal with personal data.
🕴 With SASE Definition Still Cloudy, Forum Proposes Standard 🕴
📖 Read
via "Dark Reading".
Even without an overarching dictionary of common definitions, the concept of a secure access service edge (SASE) has spread, but a standard could help cloud services work better together.📖 Read
via "Dark Reading".
Dark Reading
With SASE Definition Still Cloudy, Forum Proposes Standard
Even without an overarching dictionary of common definitions, the concept of a secure access service edge (SASE) has spread, but a standard could help cloud services work better together.
‼ CVE-2022-4561 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in SemanticDrilldown Extension. Affected is the function printFilterLine of the file includes/specials/SDBrowseDataPage.php of the component GET Parameter Handler. The manipulation of the argument value leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 6e18cf740a4548166c1d95f6d3a28541d298a3aa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215964.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4559 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in INEX IPX-Manager up to 6.2.0. It has been declared as problematic. This vulnerability affects unknown code of the file resources/views/customer/list.foil.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 6.3.0 is able to address this issue. The name of the patch is bc9b14c6f70cccdb89b559e8bc3a7318bfe9c243. It is recommended to upgrade the affected component. VDB-215962 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41972 ‼
📖 Read
via "National Vulnerability Database".
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 contain a NULL Pointer Dereference in BLE L2CAP module. The Contiki-NG operating system for IoT devices contains a Bluetooth Low Energy stack. An attacker can inject a packet in this stack, which causes the implementation to dereference a NULL pointer and triggers undefined behavior. More specifically, while processing the L2CAP protocol, the implementation maps an incoming channel ID to its metadata structure. In this structure, state information regarding credits is managed through calls to the function input_l2cap_credit in the module os/net/mac/ble/ble-l2cap.c. Unfortunately, the input_l2cap_credit function does not check that the metadata corresponding to the user-supplied channel ID actually exists, which can lead to the channel variable being set to NULL before a pointer dereferencing operation is performed. The vulnerability has been patched in the "develop" branch of Contiki-NG, and will be included in release 4.9. Users can apply the patch in Contiki-NG pull request #2253 as a workaround until the new package is released.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4558 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the file SoObjects/SOGo/NSString+Utilities.m of the component Folder/Mail Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 5.8.0 is able to address this issue. The name of the patch is 1e0f5f00890f751e84d67be4f139dd7f00faa5f3. It is recommended to upgrade the affected component. The identifier VDB-215961 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4564 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.1-alpha1. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 9.0.2-alpha2 is able to address this issue. The name of the patch is af259115d2e8f17068e61902151ee8a9dbac397b. It is recommended to upgrade the affected component. The identifier VDB-215973 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41964 ‼
📖 Read
via "National Vulnerability Database".
BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to see individual responses in the anonymous poll. The attacker had to be a meeting presenter. This issue is patched in version 2.4.0. There are no workarounds.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41992 ‼
📖 Read
via "National Vulnerability Database".
A memory corruption vulnerability exists in the VHD File Format parsing CXSPARSE record functionality of PowerISO PowerISO 8.3. A specially-crafted file can lead to an out-of-bounds write. A victim needs to open a malicious file to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4556 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic. Affected by this issue is the function _migrateMailIdentities of the file SoObjects/SOGo/SOGoUserDefaults.m of the component Identity Handler. The manipulation of the argument fullName leads to cross site scripting. The attack may be launched remotely. Upgrading to version 5.8.0 is able to address this issue. The name of the patch is efac49ae91a4a325df9931e78e543f707a0f8e5e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215960.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4563 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Freedom of the Press SecureDrop. It has been rated as critical. Affected by this issue is some unknown functionality of the file gpg-agent.conf. The manipulation leads to symlink following. Local access is required to approach this attack. The name of the patch is b0526a06f8ca713cce74b63e00d3730618d89691. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215972.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4560 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Joget up to 7.0.32. It has been rated as problematic. This issue affects the function getInternalJsCssLib of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UniversalTheme.java of the component wflow-core. The manipulation of the argument key leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 8.0-BETA is able to address this issue. The name of the patch is ecf8be8f6f0cb725c18536ddc726d42a11bdaa1b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215963.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46109 ‼
📖 Read
via "National Vulnerability Database".
Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function formSetClientState.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4565 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. This vulnerability affects unknown code of the file cn.hutool.core.util.ZipUtil.java. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.8.11 is able to address this issue. It is recommended to upgrade the affected component. VDB-215974 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".