35 matches found
EUVD-2022-42327
Malicious code in bioql PyPI...
EUVD-2022-42329
Malicious code in bioql PyPI...
EUVD-2022-42332
Malicious code in bioql PyPI...
CVE-2022-39887
Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to configure EDM setting...
Security Bulletin: Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (Multiple CVEs)
Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus. These were disclosed as part of the IBM Java SDK updates in November 2022 and February 2023. Vulnerability Details CVEID:CVE-2022-21426 DESCRIPTION: An...
New Botnet named Zerobot Exploiting Multiple Vulnerabilities
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A new botnet named ‘Zerobot’ has two variants, both are written in Go programming language, the first variant discovered on 18 Nov 2022, and within a short time on 24 Nov 2022 second variant was...
rejent.com.pl Cross Site Scripting vulnerability OBB-3073564
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
nszzpkielce.pl Cross Site Scripting vulnerability OBB-3071249
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
seeu.edu.mk Cross Site Scripting vulnerability OBB-3052279
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Security Updates for Microsoft Exchange Server (Nov 2022)
The Microsoft Exchange Server installed on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities as referenced in the Nov, 2022 security bulletin. - Microsoft Exchange Server Spoofing Vulnerability CVE-2022-41078, CVE-2022-41079 - Microsoft Exchange...
Security Updates for Microsoft Visual Studio Products (Nov 2022)
The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit Heap Overflow vulnerbaility in Visual Studio to bypass authentication and execute unauthorized arbitrary...
CVE-2022-39885
Improper access control vulnerability in BootCompletedReceiverCMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information...
CVE-2022-39883
Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows local attacker to call privileged API...
CVE-2022-39882
Heap overflow vulnerability in sflacffalbytespeek function in libsmat.so library prior to SMR Nov-2022 Release 1 allows local attacker to execute arbitrary code...
CVE-2022-39879
Improper authorization vulnerability in?CallBGProvider prior to SMR Nov-2022 Release 1 allows local attacker to grant permission for accessing information with phone uid...
Heap overflow
Heap overflow vulnerability in sflacffalbytespeek function in libsmat.so library prior to SMR Nov-2022 Release 1 allows local attacker to execute arbitrary code...
Improper access control
Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information...
Improper access control
Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to configure EDM setting...
Authorization
Improper authorization vulnerability in?CallBGProvider prior to SMR Nov-2022 Release 1 allows local attacker to grant permission for accessing information with phone uid...
Improper access control
Improper access control vulnerability in BootCompletedReceiverCMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information...