‼ CVE-2022-30304 ‼
via "National Vulnerability Database".
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAnalyzer versions prior to 7.2.1, 7.0.4 and 6.4.8 may allow a remote unauthenticated attacker to perform a stored cross site scripting (XSS) attack via the URL parameter observed in the FortiWeb attack event logview in FortiAnalyzer.
‼ CVE-2022-26843 ‼
via "National Vulnerability Database".
Insufficient visual distinction of homoglyphs presented to user in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.1 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
‼ CVE-2022-30530 ‼
via "National Vulnerability Database".
Protection mechanism failure in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access.
🕴 ESXi Ransomware Update Outfoxes CISA Recovery Script 🕴
via "Dark Reading".
New ESXiArgs-ransomware attacks include a workaround for CISA's decryptor, researchers find.
‼ CVE-2022-33964 ‼
via "National Vulnerability Database".
Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
‼ CVE-2021-43529 ‼
via "National Vulnerability Database".
Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS signatures.
‼ CVE-2022-48325 ‼
via "National Vulnerability Database".
Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) year, (2) oldSenha, (3) novaSenha, (4) termo, (5) nome, (6) cnpj, (7) ie, (8) cep, (9) logradouro, (10) numero, (11) bairro, (12) cidade, (13) uf, (14) telefone, (15) email, (16) id, (17) app_name, (18) per_page, (19) app_theme, (20) os_notification, (21) email_automatico, (22) control_estoque, (23) notifica_whats, (24) control_baixa, (25) control_editos, (26) control_edit_vendas, (27) control_datatable, (28) pix_key, (29) os_status_list, (30) control_2vias, (31) status, (32) start, (33) end in file application/controllers/Mapos.php; (34) token, (35) senha, (36) email, (37) nomeCliente, (38) documento, (39) telefone, (40) celular, (41) rua, (42) numero, (43) complemento, (44) bairro, (45) cidade, (46) estado, (47) cep, (48) idClientes, (49) descricaoProduto, (50) defeito in file application/controllers/Mine.php; (51) pesquisa, (52) status, (53) data, (54) data2, (55) dataInicial, (56) dataFinal, (57) termoGarantia, (58) garantias_id, (59) clientes_id, (60) usuarios_id, (61) idOs, (62) garantia, (63) descricaoProduto, (64) defeito, (65) observacoes, (66) laudoTecnico, (67) id, (68) preco, (69) quantidade, (70) idProduto, (71) idOsProduto, (72) produto, (73) idServico, (74) idOsServico, (75) desconto, (76) tipoDesconto, (77) resultado, (78) vencimento, (79) recebimento, (80) os_id, (81) valor, (82) recebido, (83) formaPgto, (84) tipo, (85) anotacao, (86) idAnotacao in file application/controllers/Os.php.
‼ CVE-2022-35729 ‼
via "National Vulnerability Database".
Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow an unauthenticated user to potentially enable denial of service via network access.
‼ CVE-2022-32971 ‼
via "National Vulnerability Database".
Improper authentication in the Intel(R) SUR software before version 2.4.8902 may allow a privileged user to potentially enable escalation of privilege via network access.
‼ CVE-2022-27234 ‼
via "National Vulnerability Database".
Server-side request forgery in the CVAT software maintained by Intel(R) before version 2.0.1 may allow an authenticated user to potentially enable information disclosure via network access.
‼ CVE-2022-35883 ‼
via "National Vulnerability Database".
NULL pointer dereference in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access.
‼ CVE-2022-36416 ‼
via "National Vulnerability Database".
Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may allow an authenticated user to potentially enable escalation of privilege via local access.
‼ CVE-2022-27170 ‼
via "National Vulnerability Database".
Protection mechanism failure in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
‼ CVE-2022-0637 ‼
via "National Vulnerability Database".
There was an open redirection vulnerability in pollbot, which was used in https://pollbot.services.mozilla.com/ and https://pollbot.stage.mozaws.net/. An attacker could have redirected anyone to malicious sites.
‼ CVE-2022-38056 ‼
via "National Vulnerability Database".
Improper neutralization in the Intel(R) EMA software before version 1.8.1.0 may allow a privileged user to potentially enable escalation of privilege via network access.
‼ CVE-2022-29493 ‼
via "National Vulnerability Database".
Uncaught exception in webserver for the Integrated BMC in some Intel(R) platforms before versions 2.86, 2.09 and 2.78 may allow a privileged user to potentially enable denial of service via network access.
‼ CVE-2022-29494 ‼
via "National Vulnerability Database".
Improper input validation in firmware for OpenBMC in some Intel(R) platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access.
‼ CVE-2022-27808 ‼
via "National Vulnerability Database".
Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
‼ CVE-2022-36397 ‼
via "National Vulnerability Database".
Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access.
‼ CVE-2022-36287 ‼
via "National Vulnerability Database".
Uncaught exception in the FCS Server software maintained by Intel before version 1.1.79.3 may allow a privileged user to potentially enable denial of service via physical access.
‼ CVE-2020-6817 ‼
via "National Vulnerability Database".
bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).