9459 matches found
Samsung Calendar Information Disclosure Vulnerability (CNVD-2022-76488)
Samsung Calendar, a calendar module for Samsung mobile devices, is vulnerable to information disclosure in versions prior to Samsung Calendar 12.3.05.10000. The vulnerability stems from a lack of protection for information in the calendar, which can be exploited to gain access to the calendar...
Elastic: Synthetics Recorder: Code injection when recording website with malicious content
A vulnerability was discovered in the Synthetics Recorder tool, which allows attackers to inject arbitrary code into a recording session. The waitForNavigation event calls quote within the context of a multi-line comment, which can be escaped with a specially crafted URL. This can lead to code...
BSA-2022-1729
Security Advisory ID: BSA-2022-1729; Component: Oracle Java SE; Revision: 1.0. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition:...
Siemens RUGGEDCOM ROX
1. EXECUTIVE SUMMARY: CVSS v3 7.2; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Siemens; Equipment: RUGGEDCOM ROX; Vulnerability: Command Injection. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker with administrative privileges to gain root...
SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2022:2289-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2289-1 advisory. - If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object...
Rocky Linux 8 : firefox (RLSA-2022:5469)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5469 advisory. - The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and ...
CVE-2022-32449
TOTOLINK EX300V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet...
Bently Nevada ADAPT 3701/4X Series and 60M100
1. EXECUTIVE SUMMARY: CVSS v3 9.1; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Bently Nevada; Equipment: 3701/4X series and 60M100 3701/60 Condition Monitoring System; Vulnerabilities: Use of Hard-coded Credentials, Missing Authentication for Critical Function. CISA is aware of a...
U.S. Dept Of Defense: Unauthenticated SQL Injection at █████████ [HtUS]
Summary Hi team, I found Unauthenticated SQL Injection at ██████. Because of non-filter and non-escape input at API /api/organizations/, attacker can inject malicious payload after single quote ' to exploit and extract database. Step to Reproduce: Execute Request GET...
Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5504-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5504-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...
Mozilla: Use-after-free in nsSHistory
The Mozilla Foundation Security Advisory describes this flaw as: Session history navigations may have led to a use-after-free and potentially exploitable crash...
CODESYS Gateway Server (Update A)
1. EXECUTIVE SUMMARY: CVSS v3 7.5; ATTENTION: Exploitable remotely/low attack complexity; Vendor: CODESYS GmbH; Equipment: CODESYS Gateway Server; Vulnerability: Heap Based Buffer Overflow. 2. UPDATE INFORMATION: This updated advisory is a follow-up to the original advisory titled ICSA-15-258-02 3S...
CVE-2017-20120
A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may ...