6680 matches found

Malwarebytes
added 2022/10/20 11:00 a.m. · 12 views

Microsoft fixes driver blocklist placing users at risk from BYOVD attacks

There may be an all-new acronym for you to try and remember, as a result of Microsoft fixing a lingering issue. This issue is called Bring Your Own Vulnerable Driver (BYOVD), and BYOVD has been popping up in various forms for the last few months. These attacks may have been less impactful if a...

7.2 AI score
Exploits 0

NVD
added 2022/10/19 6:15 p.m. · 25 views

CVE-2022-43019

OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality...

9.8 CVSS · 0.01842 EPSS
Exploits 1 · References 2

Prion
added 2022/10/19 6:15 p.m. · 14 views

Remote code execution

OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality...

7.5 CVSS · 9.8 AI score · 0.01842 EPSS
Exploits 1 · References 1 · Affected Software 1

EUVD
added 2022/10/19 12:00 a.m. · 6 views

EUVD-2022-46068

OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality...

9.8 CVSS · 9.9 AI score · 0.01842 EPSS
Exploits 1 · References 2

CVE
added 2022/10/19 12:00 a.m. · 51 views

CVE-2022-43019

CVE-2022-43019: OpenCats/OpenCATS v0.9.6 has a remote code execution (RCE) flaw via the getDataGridPager AJAX function. The issue affects the OpenCATS web UI component and is described as a vulnerable path in the AJAX handling, leading to high impact (CVE indicates CRITICAL, network acces...

9.8 CVSS · 9.9 AI score · 0.01842 EPSS
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2022/10/19 12:00 a.m. · 4 views

PT-2022-22973 · Corsair · Corsair K63 Wireless

Name of the Vulnerable Software and Affected Versions: Corsair K63 Wireless version 3.1.3
Description: The issue concerns a lack of AES encryption, allowing physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions.
Recommendations: For Corsair K63 Wireless...

6.8 CVSS · 6.6 AI score · 0.00214 EPSS
Exploits 1 · References 5

Vulnrichment
added 2022/10/19 12:00 a.m. · 9 views

CVE-2022-43019

OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality...

8.2 AI score · 0.01842 EPSS
Exploits 1 · References 1

OSV
added 2022/10/18 11:15 a.m. · 4 views

CVE-2022-3582

A vulnerability has been found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument change password leads to cross-site request forgery. The attack can be launched...

3.5 CVSS · 4.8 AI score
Exploits 0 · References 2

UbuntuCve
added 2022/10/17 4:15 p.m. · 17 views

CVE-2022-3067

An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read arbitrary projects'...

6.5 CVSS · 6.5 AI score · 0.00706 EPSS
Exploits 0 · References 1

Positive Technologies
added 2022/10/17 12:00 a.m. · 2 views

PT-2022-20228 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.4 through 15.2.5; GitLab CE/EE versions 15.3 through 15.3.4; GitLab CE/EE versions 15.4 through 15.4.1
Description: An issue in the Import functionality allows an authenticated user to read arbitrary projects' content...

6.5 CVSS · 6.2 AI score · 0.00706 EPSS
Exploits 0 · References 11

CVE
added 2022/10/17 12:00 a.m. · 94 views

CVE-2022-3067

CVE-2022-3067 affects GitLab CE/EE via the Import functionality, allowing an authenticated user to read arbitrary project contents. The flaw exists in versions: 14.4 up to 15.2.4, 15.3 up to 15.3.3, and 15.4 up to 15.4.0. The underlying cause, as described in the sources, is not fully disclosed h...

6.5 CVSS · 6.3 AI score · 0.00706 EPSS
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2022/10/17 12:00 a.m. · 5 views

PT-2022-21317 · WordPress · Import All Xml

Name of the Vulnerable Software and Affected Versions: Import all XML, CSV & TXT WordPress plugin versions prior to 6.5.8
Description: The issue is related to the improper sanitization and escaping of imported data, which is then used in SQL statements. This leads to SQL injection, a type of atta...

7.2 CVSS · 7 AI score · 0.00992 EPSS
Exploits 2 · References 5

Fedora
added 2022/10/12 1:03 p.m. · 28 views

[SECURITY] Fedora 36 Update: wavpack-5.5.0-2.fc36

WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled...

5.5 CVSS · 2.4 AI score · 0.00351 EPSS
Exploits 1

Tenable Nessus
added 2022/10/11 12:00 a.m. · 78 views

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5667-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5667-1 advisory. Selim Enes Karaduman discovered that a race condition existed in the General notification queue implementation of the Linux kernel, leading t...

7.8 CVSS · 7.1 AI score · 0.0035 EPSS
Exploits 0 · References 6

Code423n4
added 2022/10/10 12:00 a.m. · 11 views

Standard policy price matching is flawed

Lines of code · Vulnerability details · Impact: Already placed orders may be highly unlikely to be matched and executed. An order has to be created specifically for an already existing order with the intent to match and execute it. This severely impedes the functionality of the exchange, wastes...

7 AI score
Exploits 0

OpenVAS
added 2022/10/10 12:00 a.m. · 18 views

Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2022-2487)

The remote host is missing an update for the Huawei EulerOS...

8.3 CVSS · 8.4 AI score · 0.12205 EPSS
Exploits 5 · References 2

Positive Technologies
added 2022/10/09 12:00 a.m. · 2 views

PT-2022-34726 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 5.14 through 5.19
Description: A NULL dereference issue was discovered in the bonding functionality. The issue was introduced in version v5.14 and is fixed in Linux Kernel version v6.0.
Recommendations: For Linux Kernel...

7.1 AI score
Exploits 0 · References 1

Fedora
added 2022/10/08 5:33 p.m. · 34 views

[SECURITY] Fedora 36 Update: gitqlient-1.5.0-2.fc36

GitQlient, pronounced as git+client (/gɪtˈklaɪənt/), is a multi-platform Git client originally forked from QGit. Nowadays it goes beyond being just a fork and adds a lot of new functionality. Some of the major features you can find are...

7.5 CVSS · 7.7 AI score · 0.02828 EPSS
Exploits 2

Huntr
added 2022/10/07 4:16 p.m. · 25 views

Broken Access Controls in Patient Files

Description: An authenticated user without document access has the ability to directly access any document in the system by using a URL similar to this: http://domain/openemr/controller.php?document&retrieve&patientid=2&documentid=19. The autoincrement identifier was also susceptible of being...

5.5 CVSS · 8.1 AI score · 0.00607 EPSS
Exploits 1

Veracode
added 2022/10/07 1:50 a.m. · 26 views

Cross-site Scripting (XSS)

Zinc is vulnerable to cross-site scripting. The vulnerability exists due to the delete template functionality in User.vue incorrectly escaping the id attribute before being rendered, allowing an attacker to inject and execute a malicious JavaScript payload...

5.4 AI score · 0.00565 EPSS
Exploits 0 · References 4 · Affected Software 1