CVE-2022-3341
A null pointer dereference issue was discovered in 'FFmpeg' in the decode_main_header() function of the libavformat/nutdec.c file. The flaw occurs because the function lacks a check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash.
via "National Vulnerability Database".
CVE-2022-46503
A cross-site scripting (XSS) vulnerability in the component /admin/register.php of Online Student Enrollment System v1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the name parameter.
via "National Vulnerability Database".
CVE-2022-2155
A vulnerability exists in the affected versions of Lumada APM's User Asset Group feature due to a flaw in access control mechanism implementation on the "Limited Engineer" role, granting it access to the embedded Power BI reports feature. An attacker that manages to exploit the vulnerability on a customer's Lumada APM could access unauthorized information by gaining unauthorized access to any Power BI reports installed by the customer. Furthermore, the vulnerability enables an attacker to manipulate asset issue comments on assets, which should not be available to the attacker.
Affected versions
* Lumada APM on-premises version 6.0.0.0 - 6.4.0.*
List of CPEs:
* cpe:2.3:a:hitachienergy:lumada_apm:6.0.0.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:lumada_apm:6.1.0.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:lumada_apm:6.2.0.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:lumada_apm:6.3.0.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:lumada_apm:6.4.0.0:*:*:*:*:*:*:*
via "National Vulnerability Database".
CVE-2022-39187
Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripting (RXSS) vulnerability through unspecified vectors.
via "National Vulnerability Database".
CVE-2022-3515
A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.
via "National Vulnerability Database".
CVE-2022-46370
Rumpus - FTP server version 9.0.7.1 Improper Token Verification - vulnerability may allow bypassing identity verification.
via "National Vulnerability Database".
CVE-2023-0245
A vulnerability, which was classified as critical, has been found in SourceCodester Online Flight Booking Management System. This issue affects some unknown processing of the file add_contestant.php. The manipulation of the argument add_contestant leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-218153 was assigned to this vulnerability.
via "National Vulnerability Database".
CVE-2022-46368
Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) - vulnerability may allow unauthorized action on behalf of authenticated users.
via "National Vulnerability Database".
CVE-2023-0243
A vulnerability classified as critical has been found in TuziCMS 2.0.6. This affects the function index of the file App\Manage\Controller\ArticleController.class.php of the component Article Module. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-218151.
via "National Vulnerability Database".
CVE-2022-39186
EXFO - BV-10 Performance Endpoint Unit misconfiguration. System configuration file has misconfigured permissions.
via "National Vulnerability Database".
CVE-2022-46371
Alotcer - AR7088H-A firmware version 16.10.3 Information disclosure. Unspecified error message contains the default administrator user name.
via "National Vulnerability Database".
CVE-2022-46372
Alotcer - AR7088H-A firmware version 16.10.3 Command execution. Improper validation of unspecified input field may allow authenticated command execution.
via "National Vulnerability Database".
CVE-2022-46367
Rumpus - FTP server Cross-site request forgery (CSRF) - Privilege escalation vulnerability that may allow privilege escalation.
via "National Vulnerability Database".
Microsoft Patch Tuesday: One 0-day; Win 7 and 8.1 get last-ever patches
Get 'em while they're hot. And get 'em for the very last time, if you still have Windows 7 or 8.1...
via "Naked Security".
S3 Ep117: The crypto crisis that wasn't (and farewell forever to Win 7) [Audio + Text]
Tell us in the comments... What's the REAL reason there was no Windows 9? (No theory too far-fetched!)
via "Naked Security".
CVE-2022-43591
A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. Specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. The target application would need to access a malicious web page to trigger this vulnerability.
via "National Vulnerability Database".
CVE-2023-0254
The Simple Membership WP user Import plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter. This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
via "National Vulnerability Database".
CVE-2023-0247
Uncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1.
via "National Vulnerability Database".
CVE-2022-40983
An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. Specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. The target application would need to access a malicious web page to trigger this vulnerability.
via "National Vulnerability Database".
CVE-2022-3977
A use-after-free flaw was found in the Linux kernel MCTP (Management Component Transport Protocol) functionality. This issue occurs when a user simultaneously calls the DROPTAG ioctl and a socket close happens, which could allow a local user to crash the system or potentially escalate their privileges on the system.
via "National Vulnerability Database".
CVE-2022-3628
A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.
via "National Vulnerability Database".