8230 matches found
Microsoft Defender for Office 365 receives highest award in SE Labs Enterprise Email Security Services test
In today’s evolving threat landscape, email represents the primary attack vector for cybercrime, making effective email protection a key component of any security strategy. In Q1 2022, Microsoft participated in an evaluation of email security solutions, carried out by SE Labs—a testing lab focus...
CVE-2022-34206
CVE-2022-34206 concerns Jenkins Jianliao Notification Plugin (1.1 and earlier). The root cause is a missing permission check in a form-validation method, allowing attackers with Overall/Read to send HTTP POST requests to an attacker-specified URL and enabling CSRF. The issue is confirmed across m...
PT-2022-22038 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.321 through 2.355; Jenkins LTS versions 2.332.1 through 2.332.3. Description: The HTML output generated for new symbol-based SVG icons in Jenkins includes the title attribute of l:ionicon until Jenkins 2.334 and alt attribute...
Unnecessary migrate function
Lines of code. Vulnerability details. Impact: There is no need to have a migrate function in zeroswap as there is no liquidity to vampire attack from. This function introduces a significant rug vector. Proof of Concept: function migrate(uint256 pid) public { require(address(migrator) != address(0),...
CVE-2022-1939
The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to...
WordPress plugin Allow svg files code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Allow svg files plugin...
Adobe Illustrator out-of-bounds read vulnerability (CNVD-2022-76631)
Adobe Illustrator is a vector-based image creation software from Adobe. Adobe Illustrator suffers from an out-of-bounds read vulnerability, which stems from a boundary error when handling untrusted input. An attacker could use this vulnerability to obtain sensitive information...
Adobe Illustrator Out-of-Bounds Write Vulnerability (CNVD-2022-76633)
Adobe Illustrator is a set of vector-based image creation software from the American company Adobe. An out-of-bounds write vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to execute arbitrary code on the system or cause the application to crash...
Adobe Illustrator resource management error vulnerability
Adobe Illustrator, a vector-based image creation software from Adobe, is vulnerable to a resource management error. An attacker could exploit this vulnerability to cause arbitrary code execution...
Adobe Illustrator out-of-bounds write vulnerability (CNVD-2022-76632)
An out-of-bounds write vulnerability exists in Adobe Illustrator, a vector-based image creation software from Adobe. The vulnerability stems from a boundary error when handling untrusted input. An attacker could exploit the vulnerability to execute arbitrary code on the system or cause the...
Window can read out of bounds if Read instance returns more bytes than buffer size
rdiff performs a diff of two provided strings or files. As part of its reading code it uses the return value of a Read instance to set the length of its internal character vector. If the Read implementation claims that it has read more bytes than the length of the provided buffer, the length of t...
Adobe Illustrator out-of-bounds read vulnerability
Adobe Illustrator, a vector-based image creation software from Adobe, is vulnerable to an out-of-bounds read vulnerability. An attacker could exploit this vulnerability to cause a sensitive memory leak...
D-Link DIR-850 authorization issue vulnerability
The D-Link DIR-850 is a wireless router from D-Link of Taiwan, China. An authorization issue vulnerability exists in D-Link DIR-850L 1.21WW. An attacker can exploit this vulnerability to access the network by sending packets on data frames to the AP...
WordPress Carousel CK plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Carousel CK plugin 1.1.0 and earlier versions have a cross-site scripting vulnerability tha...
Splunk security vulnerability
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze the data it generates, including data generated by all IT systems and infrastructure (physical, virtual machines, and cloud). A...
CVE-2022-32243
When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application...
CVE-2022-31447
An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file...
Samast Technologies Magicpin code issue vulnerability
Samast Technologies Magicpin is an application from Samast Technologies of India that combines parts of Zomato (restaurant discovery and reviews) and Roposo (theme-based social media network) on the consumer side and Freshdesk (customer management application) on the restaurant side. A security...
Adobe Bridge buffer error vulnerability
Adobe Bridge is a file viewer from the American company Adobe. A buffer error vulnerability exists in Adobe Bridge. An attacker exploiting this vulnerability could cause arbitrary code execution...