๐จ CVE-2022-26495
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.
๐@cveNotify
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.
๐@cveNotify
sourceforge.net
Network Block Device - Browse /nbd at SourceForge.net
Tools for the Linux Kernel's network block device, allowing you to use remote block devices over a TCP/IP network.
Note that we have moved toโฆ
Note that we have moved toโฆ
๐จ CVE-2022-24750
UltraVNC is a free and open source remote pc access software. A vulnerability has been found in versions prior to 1.3.8.0 in which the DSM plugin module, which allows a local authenticated user to achieve local privilege escalation (LPE) on a vulnerable system. The vulnerability has been fixed to allow loading of plugins from the installed directory. Affected users should upgrade their UltraVNC to 1.3.8.0. Users unable to upgrade should not install and run UltraVNC server as a service. It is advisable to create a scheduled task on a low privilege account to launch WinVNC.exe instead. There are no known workarounds if wincnc needs to be started as a service.
๐@cveNotify
UltraVNC is a free and open source remote pc access software. A vulnerability has been found in versions prior to 1.3.8.0 in which the DSM plugin module, which allows a local authenticated user to achieve local privilege escalation (LPE) on a vulnerable system. The vulnerability has been fixed to allow loading of plugins from the installed directory. Affected users should upgrade their UltraVNC to 1.3.8.0. Users unable to upgrade should not install and run UltraVNC server as a service. It is advisable to create a scheduled task on a low privilege account to launch WinVNC.exe instead. There are no known workarounds if wincnc needs to be started as a service.
๐@cveNotify
GitHub
Insecure LoadLibrary in DSMPlugin leading to Local Privilege Escalation
### Impact
A vulnerability has been found in the DSMPlugin module, which allows a local authenticated user to achieve local privilege escalation (LPE) on a vulnerable system. Users running UltraVN...
A vulnerability has been found in the DSMPlugin module, which allows a local authenticated user to achieve local privilege escalation (LPE) on a vulnerable system. Users running UltraVN...
๐จ CVE-2022-24726
Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing when the validating webhook for a cluster is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [external istiod](https://istio.io/latest/docs/setup/install/external-controlplane/) topologies, this port is exposed over the public internet. This issue has been patched in versions 1.13.2, 1.12.5 and 1.11.8. Users are advised to upgrade. Users unable to upgrade should disable access to a validating webhook that is exposed to the public internet or restrict the set of IP addresses that can query it to a set of known, trusted entities.
๐@cveNotify
Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing when the validating webhook for a cluster is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [external istiod](https://istio.io/latest/docs/setup/install/external-controlplane/) topologies, this port is exposed over the public internet. This issue has been patched in versions 1.13.2, 1.12.5 and 1.11.8. Users are advised to upgrade. Users unable to upgrade should disable access to a validating webhook that is exposed to the public internet or restrict the set of IP addresses that can query it to a set of known, trusted entities.
๐@cveNotify
GitHub
[release-1.13] pilot: limit reads from untrusted inputs (#37792) ยท istio/istio@6ca5055
* pilot: limit reads from untrusted inputs
* revert jwks
Co-authored-by: John Howard <howardjohn@google.com>
* revert jwks
Co-authored-by: John Howard <howardjohn@google.com>
๐จ CVE-2021-44597
An Access Control vunerabiity exists in Gerapy v 0.9.7 via the spider parameter in project_configure function.
๐@cveNotify
An Access Control vunerabiity exists in Gerapy v 0.9.7 via the spider parameter in project_configure function.
๐@cveNotify
GitHub
Gerapy 0.9.7 project_configure function exist remote code execute !!! ยท Issue #219 ยท Gerapy/Gerapy
delete
๐จ CVE-2021-44585
A Cross Site Scripting (XSS) vulnerabilitiy exits in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event.
๐@cveNotify
A Cross Site Scripting (XSS) vulnerabilitiy exits in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event.
๐@cveNotify
GitHub
ๅๅฐๅXSSๆผๆด ยท Issue #3223 ยท jeecgboot/jeecg-boot
็ๆฌๅท๏ผ 3.0 ้ฎ้ขๆ่ฟฐ๏ผ http://boot.jeecg.com:8080/jeecg-boot/jmreport/view/')%22onmouseover=alert('hacking')%20%20( ๆชๅพ&ไปฃ็ ๏ผ
๐จ CVE-2021-41233
Nextcloud text is a collaborative document editing using Markdown built for the nextcloud server. Due to an issue with the Nextcloud Text application, which is by default shipped with Nextcloud Server, an attacker is able to access the folder names of "File Drop". For successful exploitation an attacker requires knowledge of the sharing link. It is recommended that users upgrade their Nextcloud Server to 20.0.14, 21.0.6 or 22.2.1. Users unable to upgrade should disable the Nextcloud Text application in the application settings.
๐@cveNotify
Nextcloud text is a collaborative document editing using Markdown built for the nextcloud server. Due to an issue with the Nextcloud Text application, which is by default shipped with Nextcloud Server, an attacker is able to access the folder names of "File Drop". For successful exploitation an attacker requires knowledge of the sharing link. It is recommended that users upgrade their Nextcloud Server to 20.0.14, 21.0.6 or 22.2.1. Users unable to upgrade should disable the Nextcloud Text application in the application settings.
๐@cveNotify
GitHub
Additional checks for workspace controller by juliushaertl ยท Pull Request #1884 ยท nextcloud/text
๐ Collaborative document editing using Markdown. Contribute to nextcloud/text development by creating an account on GitHub.
๐จ CVE-2021-3715
A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
๐@cveNotify
A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
๐@cveNotify
๐จ CVE-2022-0849
Use After Free in r_reg_get_name_idx in GitHub repository radareorg/radare2 prior to 5.6.6.
๐@cveNotify
Use After Free in r_reg_get_name_idx in GitHub repository radareorg/radare2 prior to 5.6.6.
๐@cveNotify
GitHub
aaef on arm/thumb switches causes uaf ##crash ยท radareorg/radare2@10517e3
* Reported by peacock-doris via huntr.dev
* Reproducer: poc_uaf_r_reg_get
* Reproducer: poc_uaf_r_reg_get
๐จ CVE-2022-24921
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.
๐@cveNotify
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.
๐@cveNotify
๐จ CVE-2022-0845
Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0.
๐@cveNotify
Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0.
๐@cveNotify
๐จ CVE-2021-30151
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
๐@cveNotify
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
๐@cveNotify
GitHub
[sidekiq <= v6.2, v5.1.3] Cross-site-scripting (XSS) ยท Issue #4852 ยท mperham/sidekiq
Hi there, I found an XSS vulnerability affecting version v5.1.3 and maybe anything below that. PoC [HOST]/sidekiq/queues/"onmouseover="alert('@xhzeem')"
๐จ CVE-2022-0815
Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the userโs system. This could lead to unexpected behaviors including; settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected.
๐@cveNotify
Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the userโs system. This could lead to unexpected behaviors including; settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected.
๐@cveNotify
๐จ CVE-2022-0280
A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them.
๐@cveNotify
A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them.
๐@cveNotify
๐จ CVE-2022-25512
FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys.
๐@cveNotify
FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys.
๐@cveNotify
GitHub
API and Websocket Keys Leakage ยท Issue #26 ยท FreeTAKTeam/UI
The WebUI leaks the RestAPI and Websocket tokens in the javascript source code! These should not be reflected back to the user as that can lead to unintended requests through for example XSS. API B...
๐จ CVE-2022-25511
An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system.
๐@cveNotify
An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system.
๐@cveNotify
GitHub
Arbitrary File Write FreeTAKServer-UI (Remote Code Execution) ยท Issue #29 ยท FreeTAKTeam/UI
User Interface Datapackage From the WebUI it is possible to (once logged in) upload DataPackages directly to the server so that it is possible to download the zipped files on the EUD in the field. ...
๐จ CVE-2022-25510
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges.
๐@cveNotify
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges.
๐@cveNotify
GitHub
Hardcoded Flask Secrets Key - "Privilege Escalation" ยท Issue #292 ยท FreeTAKTeam/FreeTakServer
In the sourcecode there are 3 relevant places that the Flask Secrets Key are hardcoded. Flask signs all their client sessions with this secret key, usually defined in an Environment Variable. In th...
๐จ CVE-2022-25508
An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service (DoS) via an unusually large amount of created routes, or create unsafe or false routes for legitimate users.
๐@cveNotify
An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service (DoS) via an unusually large amount of created routes, or create unsafe or false routes for legitimate users.
๐@cveNotify
GitHub
Unauthenticated Public RestAPI Endpoint ยท Issue #291 ยท FreeTAKTeam/FreeTakServer
In the RestAPI there is also the Endpoint /ManageRoute/postRoute which is unauthenticated. While this might not seem interesting at first, it is possible to broadcast new routes (suggested tracks t...
๐จ CVE-2022-25507
FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Callsign parameter.
๐@cveNotify
FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Callsign parameter.
๐@cveNotify
GitHub
XSS through Emergency Alert ยท Issue #28 ยท FreeTAKTeam/UI
In the FreeTAKServer-UI there is a function to create and view Emergency Alerts that are originating from either the End User Device or from the UI itself. Both Avenues are susceptible to a Stored ...
๐จ CVE-2022-25506
FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser.
๐@cveNotify
FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser.
๐@cveNotify
GitHub
SQL Injection on AuthenticateUser ยท Issue #27 ยท FreeTAKTeam/UI
The API endpoint /AuthenticateUser contains a SQL Injection into the SQLite3 Database that is handling the authentication process of the SystemUsers. In order to exploit this vulnerability the atta...
๐จ CVE-2022-0821
Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0.
๐@cveNotify
Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0.
๐@cveNotify