
2033 matches found

Cvelist
added 2022/09/14 3:20 a.m. · 16 views

CVE-2022-36668

Garage Management System 1.0 is vulnerable to Stored Cross-Site Scripting (XSS) on several parameters. The vulnerabilities exist when creating or editing parts under parameters. Using the XSS payload, the Stored XSS is triggered and can be used for further attack vector...

5.5 AI score · 0.00477 EPSS
Exploits: 2 · References: 2

CNNVD
added 2022/08/26 12:00 a.m. · 2 views

Red Hat Keycloak Security Vulnerability

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. Red Hat Keycloak suffers from a security vulnerability that originates from an attacker being able to register with a username that is the same...

5.3 CVSS · 6.9 AI score · 0.01773 EPSS
Exploits: 1 · References: 4

CNNVD
added 2022/08/23 12:00 a.m. · 4 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel that stems from a flaw found in the Linux kernel memory deduplication mechanism, which can be exploited by an attacker to attack memory deduplication v...

5.9 CVSS · 8.1 AI score · 0.01095 EPSS
Exploits: 0 · References: 6

The Hacker News
added 2022/08/12 6:14 a.m. · 157 views

Researchers Warn of Ongoing Mass Exploitation of Zimbra RCE Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two flaws to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The two high-severity issues relate to weaknesses in Zimbra Collaboration, both of which could be chained to achieve...

9.8 CVSS · 2.4 AI score · 0.98163 EPSS
Exploits: 16

CNNVD
added 2022/08/10 12:00 a.m. · 4 views

Intel IPP Cryptography Security Vulnerability

Intel IPP Cryptography is an Intel Integrated Performance Primitives (IPP) cryptography software library from Intel Corporation. A security vulnerability exists in Intel IPP Cryptography. An attacker could exploit this vulnerability to disclose sensitive information...

7.5 CVSS · 5.4 AI score · 0.00176 EPSS
Exploits: 0 · References: 4

CNNVD
added 2022/07/29 12:00 a.m. · 4 views

Autodesk Design Review Buffer Error Vulnerability

Autodesk Design Review (ADR) is a suite of AutoCAD drafting software assistance software from Autodesk. The software supports viewing, marking, measuring, printing, and tracking changes to 2D and 3D design files. A buffer error vulnerability exists in Autodesk Design Review. An attacker could explo...

7.8 CVSS · 7.8 AI score · 0.00226 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2022/07/28 12:00 a.m. · 4 views

PT-2022-9262 · Ovarro · Ovarro Twinsoft

Name of the Vulnerable Software and Affected Versions: Ovarro TWinSoft (affected versions not specified). Description: An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on the machine executing Ovarro TWinSoft, which could lead to code execution. Recommendations: ...

9.8 CVSS · 9.3 AI score · 0.01021 EPSS
Exploits: 0 · References: 3

OSV
added 2022/07/27 3:15 p.m. · 4 views

CVE-2022-36912

A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

4.3 CVSS · 5.8 AI score
Exploits: 0 · References: 2

CNVD
added 2022/07/15 12:00 a.m. · 19 views

Samsung KnoxCustomManagerService Access Control Error Vulnerability

Samsung KnoxCustomManagerService is an open source Android platform-based security solution from South Korea's Samsung that can enhance security across the board through a combination of physical means and software systems, while being perfectly compatible with the Android and Google...

3.3 CVSS · 4.6 AI score · 0.00085 EPSS
Exploits: 0 · References: 1

Microsoft CVE
added 2022/07/14 7:00 a.m. · 6 views

GnuPG through 2.3.6 in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g. use of GPGME) are met allows signature forgery via injection into the status line.

...

6.5 CVSS · 7.2 AI score · 0.02106 EPSS
Exploits: 1

BDU FSTEC
added 2022/07/04 12:00 a.m. · 3 views

The vulnerability of Microsoft Excel and Microsoft Office Web Apps Server packages lies in the lack of proper input validation, allowing attackers to execute arbitrary code.

The vulnerability of Microsoft Excel and Microsoft Office Web Apps Server programs is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created malicious file...

7.8 CVSS · 7.8 AI score · 0.02147 EPSS
Exploits: 0 · References: 5

CNVD
added 2022/06/30 12:00 a.m. · 27 views

WordPress Site Offline or Coming Soon plugin Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Site Offline or Coming Soon plugin version 1.6.6 and earlier are vulnerable to cross-site request...

6.1 CVSS · 1.8 AI score · 0.00661 EPSS
Exploits: 2 · References: 1

Code423n4
added 2022/06/26 12:00 a.m. · 11 views

[H-03] Attacker can mint unbound amount of iPTs (on APWine)

Lines of code Vulnerability details Note that I've reported a similar vulnerability, on a different 'Principals' and POC\attack vector is a bit different. I will leave it to the judge to decide if these should be grouped as 1 report or not - but I wanted to be specific at the POC instead of...

6.9 AI score
Exploits: 0

ATTACKERKB
added 2022/06/23 5:15 p.m. · 2 views

CVE-2022-34204

A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server...

4.3 CVSS · 6.3 AI score · 0.00521 EPSS
Exploits: 0 · References: 2

Microsoft Malware Protection
added 2022/06/23 4:00 p.m. · 24 views

Detecting malicious key extractions by compromised identities for Azure Cosmos DB

Azure Cosmos DB is a fully managed NoSQL cloud database service for modern app development. It offers a variety of advanced built-in features, such as automatic worldwide data replication, lightning-fast response types, and a variety of APIs. In this blog post, we describe security practices for...

0.1 AI score
Exploits: 0

CVE
added 2022/06/22 2:41 p.m. · 99 views

CVE-2022-34206

CVE-2022-34206 concerns Jenkins Jianliao Notification Plugin (1.1 and earlier). The root cause is a missing permission check in a form-validation method, allowing attackers with Overall/Read to send HTTP POST requests to an attacker-specified URL and enabling CSRF. The issue is confirmed across m...

4.3 CVSS · 4.3 AI score · 0.00521 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2022/06/16 12:00 a.m. · 4 views

D-Link DIR-850 Authorization Issue Vulnerability

The D-Link DIR-850 is a wireless router from AUO D-Link of Taiwan, China. An authorization issue vulnerability exists in D-Link DIR-850L 1.21WW. An attacker can exploit this vulnerability to access the network by sending packets on data frames to the AP...

7.5 CVSS · 7.4 AI score · 0.00745 EPSS
Exploits: 0 · References: 4

CNVD
added 2022/06/15 12:00 a.m. · 15 views

WordPress Carousel CK plugin Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Carousel CK plugin 1.1.0 and earlier versions have a cross-site scripting vulnerability tha...

4.8 CVSS · 1.3 AI score · 0.00552 EPSS
Exploits: 2 · References: 1

CNNVD
added 2022/06/15 12:00 a.m. · 4 views

Splunk Security Vulnerability

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. A...

10 CVSS · 8.9 AI score · 0.01383 EPSS
Exploits: 0 · References: 6

CNNVD
added 2022/06/14 12:00 a.m. · 4 views

Adobe Bridge Buffer Error Vulnerability

Adobe Bridge is a file viewer from the American company Adobe. A buffer error vulnerability exists in Adobe Bridge. An attacker exploiting this vulnerability could cause arbitrary code execution...

9.3 CVSS · 7.9 AI score · 0.02133 EPSS
Exploits: 0 · References: 4