π¨ CVE-2021-32473
It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected
π@cveNotify
It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected
π@cveNotify
π¨ CVE-2021-32009
Cross-site Scripting (XSS) vulnerability in firmware section of Secomea GateManager allows logged in user to inject javascript in browser session. This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions.
π@cveNotify
Cross-site Scripting (XSS) vulnerability in firmware section of Secomea GateManager allows logged in user to inject javascript in browser session. This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions.
π@cveNotify
Secomea
Cybersecurity Advisory
Secomea is an official CVE Numbering Authority (CNA), the first in Denmark. Please follow our Cybersecurity Advisory process to report suspected security risks.
π¨ CVE-2021-26341
Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.
π@cveNotify
Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.
π@cveNotify
AMD
AMD CPUs May Transiently Execute Beyond Unconditional Direct Branch
π¨ CVE-2021-26401
LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.
π@cveNotify
LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.
π@cveNotify
AMD
LFENCE/JMP Mitigation Update for CVE-2017-5715
π¨ CVE-2021-44667
A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters.
π@cveNotify
A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters.
π@cveNotify
GitHub
This is XSS vulnerabilities Β· Issue #7359 Β· alibaba/nacos
Nacos has xss vulnerability Trigger condition: no verification required version: Nacos 2.0.3 payload1:/nacos/v1/auth/users?pageNo=1&pageSize=<script>alert(1)</script&am...
π¨ CVE-2021-4198
A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools versions prior to 7.2.2.92. Bitdefender VPN Standalone versions prior to 25.5.0.48.
π@cveNotify
A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools versions prior to 7.2.2.92. Bitdefender VPN Standalone versions prior to 25.5.0.48.
π@cveNotify
Bitdefender
messaging_ipc.dll NULL Pointer Dereference in multiple Bitdefender products (VA-10016) - Bitdefender
A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generateβ¦
π¨ CVE-2021-41181
Nextcloud talk is a self hosting messaging service. In versions prior to 12.3.0 the Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone, and the victim received a phone call the attacker could gain access to the chat messages and files of the user. It is recommended that the Nextcloud Android Talk App is upgraded to 12.3.0. There are no known workarounds.
π@cveNotify
Nextcloud talk is a self hosting messaging service. In versions prior to 12.3.0 the Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone, and the victim received a phone call the attacker could gain access to the chat messages and files of the user. It is recommended that the Nextcloud Android Talk App is upgraded to 12.3.0. There are no known workarounds.
π@cveNotify
GitHub
Talk app did allow access to sensitive chat messages on lockscreen
### Impact
The Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone, and the victim re...
The Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone, and the victim re...
π¨ CVE-2022-0896
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3.
π@cveNotify
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3.
π@cveNotify
π¨ CVE-2022-25839
The package url-js before 2.1.0 are vulnerable to Improper Input Validation due to improper parsing, which makes it is possible for the hostname to be spoofed. http://\\\\\\\\localhost and http://localhost are the same URL. However, the hostname is not parsed as localhost, and the backslash is reflected as it is.
π@cveNotify
The package url-js before 2.1.0 are vulnerable to Improper Input Validation due to improper parsing, which makes it is possible for the hostname to be spoofed. http://\\\\\\\\localhost and http://localhost are the same URL. However, the hostname is not parsed as localhost, and the backslash is reflected as it is.
π@cveNotify
GitHub
Fix potential vulnerability for "http://\\\\localhost" Β· duzun/URL.js@9dc9fcc
Parse and format URLs. Contribute to duzun/URL.js development by creating an account on GitHub.
π¨ CVE-2022-0881
Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1.
π@cveNotify
Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1.
π@cveNotify
GitHub
Remove exif tags when processing images Β· Chocobozzz/PeerTube@0c058f2
ActivityPub-federated video streaming platform using P2P directly in your web browser - Remove exif tags when processing images Β· Chocobozzz/PeerTube@0c058f2
π¨ CVE-2020-17456
SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.
π@cveNotify
SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.
π@cveNotify
Seowon-SlC-130-And-SLR-120S-Exploit
Seowon SLC-130 And SLR-120S Router-RCE Exploit + Unlocking method ( CVE-2020-17456 )
Seowon SLC-130 And SLR-120S Routers Exploit
π¨ CVE-2022-24319
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA web server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
π@cveNotify
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA web server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
π@cveNotify
π¨ CVE-2022-24421
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
π@cveNotify
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
π@cveNotify
π¨ CVE-2022-24420
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
π@cveNotify
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
π@cveNotify
π¨ CVE-2022-24419
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
π@cveNotify
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
π@cveNotify
π¨ CVE-2022-24416
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
π@cveNotify
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
π@cveNotify
π¨ CVE-2022-24415
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
π@cveNotify
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
π@cveNotify
π¨ CVE-2022-24320
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA database server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
π@cveNotify
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA database server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
π@cveNotify
π¨ CVE-2022-26318
Null pointer dereference in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to potentially execute arbitrary code via exposed management access. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
π@cveNotify
Null pointer dereference in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to potentially execute arbitrary code via exposed management access. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
π@cveNotify