PT-2022-27786

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2022.10.4 authentik versions prior to 2022.11.4 Description The issue allows any authenticated user to create an arbitrary number of accounts through the default flows, which can circumvent policies where it is...

Directus 安全漏洞

Directus is a real-time Api and application dashboard. It is used to manage Sql database content. A security vulnerability exists in Directus versions prior to 9.7.0 that stems from the default setting of CORSORIGIN and CORSENABLED to true...

CVE-2022-47943

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2WRITE, when there is a large length in the zero DataOffset case...

CVE-2022-3805

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...

CVE-2022-3805

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...

Authorization

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...

CVE-2022-3805 Jeg Elementor Kit <= 2.5.6 - Unauthenticated Authorization Bypass

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...

DEBIAN-CVE-2022-26384

If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox 98, Firefox ESR 91.7, and Thunderbird 91....

WordPress plugin Jeg Elementor Kit 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress Cron Enabled

The wp-cron.php file is responsible for scheduled events in a WordPress website. By default, when a request is made, WordPress will generate an additional request from it to the wp-cron.php file. By generating a large number of requests to the website, it is therefore possible to make the site...

FBI, FDA OCI, and USDA Release Joint Cybersecurity Advisory Regarding Business Email Compromise Schemes Used to Steal Food

The Federal Bureau of Investigation FBI, the Food and Drug Administration Office of Criminal Investigations FDA OCI, and the U.S. Department of Agriculture USDA have released a joint Cybersecurity Advisory CSA detailing recently observed incidents of criminal actors using business email compromis...

Authentication flaw

This issue was addressed by enabling hardened runtime. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to bypass Privacy preferences...

MCCrash: Cross-platform DDoS botnet targets private Minecraft servers

Malware operations continue to rapidly evolve as threat actors add new capabilities to existing botnets, increasingly targeting and recruiting new types of devices. Attackers update malware to target additional operating systems, ranging from PCs to IoT devices, growing their infrastructure...

HCL BigFix Multiple Vulnerabilities (KB0098998)

The version of HCL BigFix Client installed on the remote host is affected by multiple vulnerabilities, including the following: - An improper authentication vulnerability exists in the curl subcomponent which might allow reuse OAUTH2-authenticated connections without properly making sure that the...

reactor-netty: specific redirect configuration allows for a credentials leak

The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirect...

GHSA-VR8J-HGMM-JH9R Denial of service by double-checked locking in openssl-src

If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems most widely: Windows this results in a denial of service when the affected process hangs. Policy processing being enabled o...

PT-2022-27018 · Unknown · Sicam Pas/Pqs

Name of the Vulnerable Software and Affected Versions: SICAM PAS/PQS versions prior to V7.0 Description: A security issue has been identified where the affected software transmits database credentials for the inbuilt SQL server in cleartext. This, combined with the default enabled xp cmdshell...

CVE-2022-42446

Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users...

CVE-2022-33187

Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information...

CVE-2022-33187

The CVE-2022-33187 issue affects Brocade SANnav before v2.2.1. Root cause: usernames and encoded passwords are logged in debug-enabled logs, allowing an admin with privileges to read sensitive information. Impact details consistently mention potential exposure of credentials within logs. The prac...