βΌ CVE-2022-39072 βΌ
π Read
via "National Vulnerability Database".
There is a SQL injection vulnerability in Some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46761 βΌ
π Read
via "National Vulnerability Database".
The system has a vulnerability that may cause dynamic hiding and restoring of app icons.Successful exploitation of this vulnerability may cause malicious hiding of app icons.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47974 βΌ
π Read
via "National Vulnerability Database".
The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks.Successful exploitation of this vulnerability may cause the Bluetooth process to restart.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47976 βΌ
π Read
via "National Vulnerability Database".
The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections.Successful exploitation of this vulnerability may disconnect normal service connections.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47975 βΌ
π Read
via "National Vulnerability Database".
The DUBAI module has a double free vulnerability.Successful exploitation of this vulnerability may affect system availability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46762 βΌ
π Read
via "National Vulnerability Database".
The memory management module has a logic bypass vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39073 βΌ
π Read
via "National Vulnerability Database".
There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46868 βΌ
π Read
via "National Vulnerability Database".
The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.π Read
via "National Vulnerability Database".
π΄ Russia-Linked Turla APT Sneakily Co-Opts Ancient Andromeda USB Infections π΄
π Read
via "Dark Reading".
Using command-and-control servers from the decade-old Andromeda malware, the group is installing reconnaissance tools and a backdoor on previously infected systems to target Ukrainian victims.π Read
via "Dark Reading".
Dark Reading
Russia-Linked Turla APT Sneakily Co-Opts Ancient Andromeda USB Infections
Using command-and-control servers from the decade-old Andromeda malware, the group is installing reconnaissance tools and a backdoor on previously infected systems to target Ukrainian victims.
βΌ CVE-2022-2484 βΌ
π Read
via "National Vulnerability Database".
The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs.π Read
via "National Vulnerability Database".
βΌ CVE-2018-25068 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.java. The manipulation leads to insecure temporary file. The attack can be initiated remotely. Upgrading to version 4.5.1 is able to address this issue. The name of the patch is 77a820bac2f68e662ce261ecb050c643bd7ee560. It is recommended to upgrade the affected component. VDB-217570 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44939 βΌ
π Read
via "National Vulnerability Database".
Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL.π Read
via "National Vulnerability Database".
βΌ CVE-2018-25067 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in JoomGallery up to 3.3.3. This affects an unknown part of the file administrator/components/com_joomgallery/views/config/tmpl/default.php of the component Image Sort Handler. The manipulation leads to sql injection. Upgrading to version 3.3.4 is able to address this issue. The name of the patch is dc414ee954e849082260f8613e15a1c1e1d354a1. It is recommended to upgrade the affected component. The identifier VDB-217569 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40201 βΌ
π Read
via "National Vulnerability Database".
Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to a Stack-Based Buffer Overflow when a malformed design (DGN) file is parsed. This may allow an attacker to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41613 βΌ
π Read
via "National Vulnerability Database".
Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-Bounds Read when when parsing DGN files, which may allow an attacker to crash the product, disclose sensitive information, or execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2482 βΌ
π Read
via "National Vulnerability Database".
A vulnerability exists in NokiaΓ’β¬β’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader.π Read
via "National Vulnerability Database".
βΌ CVE-2013-10008 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in sheilazpy eShop. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. The name of the patch is e096c5849c4dc09e1074104531014a62a5413884. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217572.π Read
via "National Vulnerability Database".
βΌ CVE-2014-125052 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in JervenBolleman sparql-identifiers and classified as critical. This issue affects some unknown processing of the file src/main/java/org/identifiers/db/RegistryDao.java. The manipulation leads to sql injection. The name of the patch is 44bb0db91c064e305b192fc73521d1dfd25bde52. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217571.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2483 βΌ
π Read
via "National Vulnerability Database".
The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device.π Read
via "National Vulnerability Database".
π΄ In Memoriam: Remembering Those Who Passed π΄
π Read
via "Dark Reading".
Security stands on the shoulders of giants. We take a moment to remember their contributions toward keeping people, data, and systems safe.π Read
via "Dark Reading".
Dark Reading
In Memoriam: Remembering Those Who Passed
Security stands on the shoulders of giants. We take a moment to remember their contributions toward keeping people, data, and systems safe.
βΌ CVE-2022-45911 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur on the Classic UI login page by injecting arbitrary JavaScript code in the username field. This occurs before the user logs into the system, which means that even if the attacker executes arbitrary JavaScript, they will not get any sensitive information.π Read
via "National Vulnerability Database".