βΌ CVE-2022-38472 βΌ
π Read
via "National Vulnerability Database".
An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40962 βΌ
π Read
via "National Vulnerability Database".
Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42931 βΌ
π Read
via "National Vulnerability Database".
Logins saved by Firefox should be managed by the Password Manager component which uses encryption to save files on-disk. Instead, the username (not password) was saved by the Form Manager to an unencrypted file on disk. This vulnerability affects Firefox < 106.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22737 βΌ
π Read
via "National Vulnerability Database".
Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34470 βΌ
π Read
via "National Vulnerability Database".
Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23556 βΌ
π Read
via "National Vulnerability Database".
CodeIgniter is a PHP full-stack web framework. This vulnerability may allow attackers to spoof their IP address when the server is behind a reverse proxy. This issue has been patched, please upgrade to version 4.2.11 or later, and configure `Config\App::$proxyIPs`. As a workaround, do not use `$request->getIPAddress()`.π Read
via "National Vulnerability Database".
π΄ New Brand of Security Threats Surface in the Cloud π΄
π Read
via "Dark Reading".
Tech Insight report co-produced by Black Hat, Dark Reading, and Omdia examines how cloud security is evolving in a rapid race to beat threat actors to the (cloud) breach.π Read
via "Dark Reading".
Dark Reading
New Brand of Security Threats Surface in the Cloud
Tech Insight report co-produced by Black Hat, Dark Reading, and Omdia examines how cloud security is evolving in a rapid race to beat threat actors to the (cloud) breach.
βΌ CVE-2022-43858 βΌ
π Read
via "National Vulnerability Database".
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks by modifying a parameter thereby gaining access to their files through this interface. IBM X-Force ID: 239303.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43859 βΌ
π Read
via "National Vulnerability Database".
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. By performing a UNION based SQL injection an attacker could see file permissions through this interface. IBM X-Force ID: 239304.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41977 βΌ
π Read
via "National Vulnerability Database".
An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string fields in TIFF image files. A specially-crafted TIFF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41684 βΌ
π Read
via "National Vulnerability Database".
A heap out of bounds read vulnerability exists in the OpenImageIO master-branch-9aeece7a when parsing the image file directory part of a PSD image file. A specially-crafted .psd file can cause a read of arbitrary memory address which can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3805 βΌ
π Read
via "National Vulnerability Database".
The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the MailChimp API key, global styles, 404 page settings, and enabled elements.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3794 βΌ
π Read
via "National Vulnerability Database".
The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various AJAX actions in versions up to, and including, 2.5.6. Authenticated users can use an easily available nonce value to create header templates and make additional changes to the site, as the plugin does not use capability checks for this purpose.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26302 βΌ
π Read
via "National Vulnerability Database".
is.js is a general-purpose check library. Versions 0.9.0 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). is.js uses a regex copy-pasted from a gist to validate URLs. Trying to validate a malicious string can cause the regex to loop ΓΒ’Γ’βΒ¬Γ
βforever." This vulnerability was found using a CodeQL query which identifies inefficient regular expressions. is.js has no patch for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41649 βΌ
π Read
via "National Vulnerability Database".
A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22457 βΌ
π Read
via "National Vulnerability Database".
IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 225007.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43598 βΌ
π Read
via "National Vulnerability Database".
Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT16`.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43592 βΌ
π Read
via "National Vulnerability Database".
An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43857 βΌ
π Read
via "National Vulnerability Database".
IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks and download log files by modifying servlet filter. IBM X-Force ID: 239301.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41838 βΌ
π Read
via "National Vulnerability Database".
A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43600 βΌ
π Read
via "National Vulnerability Database".
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT16`π Read
via "National Vulnerability Database".