4200 matches found
PT-2022-12912 · Huawei · Emui +2
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue is related to defects in the basic framework and setting module, which were introduced during the design phase. Successful exploitation of this issue may impact system...
CVE-2022-31885
Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts...
CISA Releases Guidance on Switching to Modern Auth in Exchange Online before October 1
CISA has released guidance on switching from Basic Authentication “Basic Auth” in Microsoft Exchange Online to Modern Authentication "Modern Auth" before Microsoft begins permanently disabling Basic Auth on October 1, 2022. Basic Auth is a legacy authentication method that does not support...
MAL-2022-3846 Malicious code in inno-basic-server (npm)
Source: ghsa-malware 1dea540841d9a859aa1222528a344af66c4b9a58666cb31f7bebe265be460014. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
TRENDnet TEW-831DR cross-site scripting vulnerability
The TRENDnet TEW-831DR is a router from Trendnet, Inc. A security vulnerability exists in TRENDnet TEW-831DR version 1.0 601.130.1.1356: the Network Pre-Shared Key field of the web interface is vulnerable to cross-site scripting. An attacker can use a simple XS...
MAL-2022-4613 Malicious code in misk-web-tab-template-basic (npm)
Source: ghsa-malware af5ad7e61d179d5150addce9f3bd9838c06999a4f076ed576677b36505796638. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
H3C Magic R100 buffer error vulnerability
H3C Magic R100 is a router from H3C. H3C Magic R100 version R100V100R005 has a buffer overflow vulnerability: a stack overflow in the EditBasicSSID5G parameter of /goform/aspForm, which remote attackers can exploit to execute arbitrary code...
CLSA-2022-1654525948 Fixed CVEs in python2-pip-18.module_el8.4.0+2051+0b56c8de: CVE-2021-3733, CVE-2021-3737, CVE-2022-0391, CVE-2021-4189
CVE-2021-3733: urllib: Regular expression DoS in AbstractBasicAuthHandler (rhbz 2047376) - CVE-2021-3737: urllib: HTTP client possible infinite loop on a 100 Continue response (rhbz 2047376) - CVE-2021-4189: ftplib should not use the host from the PASV response (rhbz 2047376) - CVE-2022-0391: urllib.parse...
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as a web browser) connects to could trigger a Regular Expression Denial of Service (ReDoS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
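To make the ReDoS concrete, here is an added example (my own code, not CPython's): two regular expressions of the shape used by AbstractBasicAuthHandler.rx before and after the fix, quoted from memory and to be checked against the CPython source, plus a small WWW-Authenticate parser built on the fixed one. The header strings and the "n commas and no realm=" payload are constructed for the demonstration. The point to see is that "(?:.*,)*" can split a run of commas in about 2**n ways before the mandatory "realm=" fails, whereas anchoring each challenge at the start of the header or just after a comma makes every attempt linear.

```python
import re
import time

# Assumed shape of the pre-fix pattern: "(?:.*,)*" may absorb or stop at every
# comma, so a header of many commas with no "realm=" backtracks exponentially.
VULNERABLE_RX = re.compile(
    r'(?:.*,)*[ \t]*([^ \t]+)[ \t]+realm=(["\']?)([^"\']*)\2', re.I)

# Assumed shape of the post-fix pattern: a challenge starts at the beginning of
# the header or right after a comma, and the scheme token cannot contain a
# comma, so each starting position is tried in constant work.
FIXED_RX = re.compile(
    r'(?:^|,)[ \t]*([^ \t,]+)[ \t]+realm=(["\']?)([^"\']*)\2', re.I)


def parse_challenges(header, rx=FIXED_RX):
    """Return [(scheme, realm), ...] for every challenge that carries a realm."""
    return [(scheme, realm) for scheme, _quote, realm in rx.findall(header)]


def crafted_header(n):
    """Constructed attacker input: n commas and no realm= anywhere."""
    return "," * n + "x"


def match_seconds(rx, header):
    """Wall-clock cost of one search; the vulnerable pattern grows ~2**n on crafted_header(n)."""
    start = time.perf_counter()
    rx.search(header)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Constructed headers: one real-looking response and one crafted by the server.
    print(parse_challenges('Basic realm="api", Bearer realm=token'))
    n = 16  # keep small; each extra comma roughly doubles the vulnerable cost
    print("vulnerable:", round(match_seconds(VULNERABLE_RX, crafted_header(n)), 3), "s")
    print("fixed:     ", round(match_seconds(FIXED_RX, crafted_header(n)), 6), "s")
```

Run the script and raise n a few steps at a time to watch the vulnerable timing double while the fixed one stays flat; do not feed the vulnerable pattern input from an untrusted server, which is exactly the condition the advisory describes.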
...
Missing inheritance makes fulfillBasicOrder() in Consideration.sol non-functional
Impact: fulfillBasicOrder in Consideration.sol would not function, because the call on line 83 to validateAndFulfillBasicOrder cannot resolve: no such function exists in the contract's inheritance chain due to a missing inheritance. Users will not be able to fulfill any Basic...
CVE-2022-1669 Circutor COMPACT DC-S BASIC
A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary index.cgi to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any "Addres...
GHSA-JMRX-5G74-6V2F Kubernetes client-go library logs may disclose credentials to unauthorized users
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components such as kube-apiserver prior to v1.16.0, which make use of basic or bearer token authentication, and run ...
GHSA-R3FQ-CMMW-CPMM Containous Traefik Exposes Password Hashes
types/types.go in Containous Traefik 1.7.x through 1.7.11, when the --api flag is used and the API is publicly reachable and exposed without sufficient access control which is contrary to the API documentation, allows remote authenticated users to discover password hashes by reading the Basic HTT...
new packages: paktype-naskh-basic-fonts
An update is available for paktype-naskh-basic-fonts. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see th...
Basic SEO Features (seo_basics) extension TYPO3 vulnerable to Cross-site Scripting
Cross-site scripting (XSS) vulnerability in the Basic SEO Features (seo_basics) extension before 0.8.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
GHSA-7P53-8WJR-J8H4 Basic SEO Features (seo_basics) extension TYPO3 vulnerable to Cross-site Scripting
Cross-site scripting (XSS) vulnerability in the Basic SEO Features (seo_basics) extension before 0.8.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Django XSS Vulnerability
The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by...
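The redirect check described above, as an added example (my own simplified re-implementation, not Django's code): a weak variant that normalises backslashes to slashes and then checks only the normalised form, beside a hardened variant that requires both the raw URL and the normalised URL to pass. The host names mysite.example.com and attacker.com and the test URLs are constructed. The basic-auth trick is a URL such as http://mysite.example.com\@attacker.com: after the backslash is turned into a slash it parses as a path on the expected host, but a browser that keeps the backslash reads everything before the "@" as userinfo and sends the user to attacker.com.

```python
from urllib.parse import urlparse

ALLOWED_SCHEMES = ("http", "https")


def _is_safe(url: str, host: str) -> bool:
    """One pass of the 'same host or relative path' check on a single URL form."""
    # Browsers treat three leading slashes as an absolute URL; urlparse does not,
    # so "///attacker.com" would otherwise look like a relative path.
    if url.startswith("///"):
        return False
    parts = urlparse(url)
    # A scheme with an empty netloc ("http:///attacker.com", "javascript:alert(1)")
    # is either read by browsers as absolute or is not an http(s) target at all.
    if parts.scheme and not parts.netloc:
        return False
    if parts.scheme and parts.scheme not in ALLOWED_SCHEMES:
        return False
    # netloc keeps any "user:pass@" prefix, so a URL whose real host only appears
    # after the "@" never compares equal to the expected host.
    return not parts.netloc or parts.netloc == host


def is_safe_redirect_weak(url: str, host: str) -> bool:
    """Pre-fix shape (assumed): normalise '\\' to '/' first and check only that form."""
    return _is_safe(url.replace("\\", "/"), host)


def is_safe_redirect(url: str, host: str) -> bool:
    """Hardened shape: the raw URL and the '\\'->'/' form must both be safe."""
    if url is None:
        return False
    url = url.strip()
    if not url:
        return False
    return _is_safe(url, host) and _is_safe(url.replace("\\", "/"), host)


if __name__ == "__main__":
    # Constructed inputs for the demonstration.
    host = "mysite.example.com"
    evil = "http://mysite.example.com\\@attacker.com"
    print("weak   :", is_safe_redirect_weak(evil, host))   # accepted: the flaw
    print("hardened:", is_safe_redirect(evil, host))       # rejected
```

Checking both forms, rather than only the normalised one, is what closes the gap: a URL that is safe under one browser's parsing rules but not another's fails one of the two passes and is rejected.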
Weak Security Controls and Practices Routinely Exploited for Initial Access
The cybersecurity authorities of the United States, Canada, New Zealand, the Netherlands, and the United Kingdom have issued a joint Cybersecurity Advisory (CSA) on 10 routinely exploited weak security controls, poor configurations, and bad practices that allow malicious actors to compromise...
Circutor COMPACT DC-S BASIC security vulnerability
Circutor COMPACT DC-S BASIC is a compact DC concentrator from Circutor of Spain. A security vulnerability exists in Circutor COMPACT DC-S BASIC version CIRCDCv1.2.17, caused by a buffer overflow in the firewall function of the device management web portal. An attacker could send a long...
FormCraft Basic < 1.2.6 - Admin+ Stored Cross Site Scripting
The plugin does not sanitise and escape Field Labels, allowing high-privilege users such as admins to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload into a Field Label and save: The XSS will be triggered when accessing the form...