βΌ CVE-2022-30421 βΌ
π Read
via "National Vulnerability Database".
Improper Authentication vulnerability in Toshiba Storage Security Software V1.2.0.7413 is that allows for sensitive information to be obtained via(local) password authentication module.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25979 βΌ
π Read
via "National Vulnerability Database".
Versions of the package jsuites before 5.0.1 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the Editor() function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4441 βΌ
π Read
via "National Vulnerability Database".
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.9.0 before 04.9.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4041 βΌ
π Read
via "National Vulnerability Database".
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1.π Read
via "National Vulnerability Database".
β Serious Security: The Samba logon bug caused by outdated crypto β
π Read
via "Naked Security".
Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!π Read
via "Naked Security".
Naked Security
Serious Security: The Samba logon bug caused by outdated crypto
Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!
βΌ CVE-2022-39060 βΌ
π Read
via "National Vulnerability Database".
ChangingTech MegaServiSignAdapter component has a vulnerability of improper input validation. An unauthenticated remote attacker can exploit this vulnerability to access and modify HKEY_CURRENT_USER subkey (ex: AutoRUN) in Registry where malicious scripts can be executed to take control of the system or to terminate the service.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-22900 βΌ
π Read
via "National Vulnerability Database".
Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39061 βΌ
π Read
via "National Vulnerability Database".
ChangingTech MegaServiSignAdapter component has a vulnerability of Out-of-bounds Read due to insufficient validation for parameter length. An unauthenticated remote attacker can exploit this vulnerability to access partial sensitive content in memory and disrupts partial services.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44644 βΌ
π Read
via "National Vulnerability Database".
In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, an authenticated attacker could read arbitrary local file by connecting a rogue mysql server, By adding allowLoadLocalInfile to true in the jdbc parameter. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3π Read
via "National Vulnerability Database".
βΌ CVE-2022-44645 βΌ
π Read
via "National Vulnerability Database".
In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users to upgrade the version of Linkis to version 1.3.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0592 βΌ
π Read
via "National Vulnerability Database".
A path traversal vulnerability affects jefferson's JFFS2 filesystem extractor. By crafting malicious JFFS2 files, attackers could force jefferson to write outside of the extraction directory.This issue affects jefferson: before 0.4.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0593 βΌ
π Read
via "National Vulnerability Database".
A path traversal vulnerability affects yaffshiv YAFFS filesystem extractor. By crafting a malicious YAFFS file, an attacker could force yaffshiv to write outside of the extraction directory. This issue affects yaffshiv up to version 0.1 included, which is the most recent at time of publication.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0591 βΌ
π Read
via "National Vulnerability Database".
ubireader_extract_files is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory (provided the process has write access to that file or directory). This is due to the fact that a node name (dent_node.name) is considered trusted and joined to the extraction directory path during processing, then the node content is written to that joined path. By crafting a malicious UBIFS file with node names holding path traversal payloads (e.g. ../../tmp/outside.txt), it's possible to force ubi_reader to write outside of the extraction directory. This issue affects ubi-reader before 0.8.5.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45789 βΌ
π Read
via "National Vulnerability Database".
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxureΓ’βΒ’ Control Expert (All Versions), EcoStruxureΓ’βΒ’ Process Expert (Version V2020 & prior), Modicon M340 CPU (part numbers BMXP34*) (All Versions), Modicon M580 CPU (part numbers BMEP* and BMEH*) (All Versions), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions)π Read
via "National Vulnerability Database".
βΌ CVE-2022-39059 βΌ
π Read
via "National Vulnerability Database".
ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24829 βΌ
π Read
via "National Vulnerability Database".
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.3 of iotdb-web-workbench onwards.π Read
via "National Vulnerability Database".
π Suricata IDPE 6.0.10 π
π Read
via "Packet Storm Security".
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.π Read
via "Packet Storm Security".
Packetstormsecurity
Suricata IDPE 6.0.10 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2022-47698 βΌ
π Read
via "National Vulnerability Database".
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Cross Site Scripting (XSS) via the URL filtering feature in the router.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47854 βΌ
π Read
via "National Vulnerability Database".
i-librarian 4.10 is vulnerable to Arbitrary file upload in ajaxsupplement.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47701 βΌ
π Read
via "National Vulnerability Database".
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Cross Site Scripting (XSS).π Read
via "National Vulnerability Database".
βΌ CVE-2022-47700 βΌ
π Read
via "National Vulnerability Database".
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Incorrect Access Control. Improper authentication allows requests to be made to back-end scripts without a valid session or authentication.π Read
via "National Vulnerability Database".