Accelerating server technology and modernization in substations. (Blog | Dell Technologies)
Vulnerabilities
CVE-2022-26532
An argument injection vulnerability in the ‘packet-trace’ CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX
CVE-2022-1840
A vulnerability, which was classified as problematic, has been found in Home Clean Services Management System 1.0. This issue affects
CVE-2022-1839
A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php.
SUSE: 2022:1150-1 suse/rmt-mariadb Security Update
The container suse/rmt-mariadb was updated. The following patches have been included in this update: (LinuxSecurity – Security Advisories)
CVE-2022-1838
A vulnerability classified as critical has been found in Home Clean Services Management System 1.0. This affects an unknown part
Zyxel: Vulnerabilities in access points, access point controllers and firewalls
Latest articles about Firmware
SUSE: 2022:1151-1 suse/rmt-server Security Update
The container suse/rmt-server was updated. The following patches have been included in this update: (LinuxSecurity – Security Advisories)
April 2022 Patch Tuesday: Updates and Analysis
CVE-2022-29377 | TOTOLINK A3600R 4.1.2cu.5182_B20201102 infostat.cgi fread CONTENT_LENGTH stack-based overflow
A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. Affected by this vulnerability is the function
CVE-2022-1467 | AVEVA InTouch Access Anywhere on Windows Language Bar exposure of resource (icsa-22-130-05)
A vulnerability, which was classified as critical, was found in AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere. Affected
CVE-2022-29309 | mysiteforme 2.2.1 server-side request forgery (ID 43)
A vulnerability was found in mysiteforme 2.2.1. It has been classified as critical. This affects an unknown part. The manipulation
CVE-2022-29305 | imgurl 2.31 /upload/localhost sql injection (ID 75)
A vulnerability was found in imgurl 2.31 and classified as critical. Affected by this issue is some unknown functionality of
CVE-2022-28999 | Dev-CPP 4.9.9.2 devcpp.exe permission
A vulnerability was found in Dev-CPP 4.9.9.2. It has been declared as critical. This vulnerability affects unknown code of the
CVE-2022-31263 | Mastodon up to 3.4.x Email app/models/user.rb access control
A vulnerability classified as critical has been found in Mastodon up to 3.4.x. Affected is an unknown function of the
CVE-2022-0910 | ZyXEL USG/ZyWALL Two-Factor Authentication improper authentication
A vulnerability was found in ZyXEL USG and ZyWALL. It has been rated as critical. This issue affects some unknown
CVE-2022-30017 | SourceCodester Rescue Dispatch Management System 1.0 cross site scripting
A vulnerability, which was classified as problematic, has been found in SourceCodester Rescue Dispatch Management System 1.0. Affected by this
CVE-2022-30016 | SourceCodester Rescue Dispatch Management System 1.0 admin/ access control
A vulnerability classified as critical was found in SourceCodester Rescue Dispatch Management System 1.0. Affected by this vulnerability is an
CVE-2022-30014 | Lumidek Simple Food Website 1.0 cross-site request forgery
A vulnerability has been found in Lumidek Simple Food Website 1.0 and classified as problematic. This vulnerability affects unknown code.
CVE-2022-0734 | ZyXEL USG/ZyWALL CGI Program cross site scripting
A vulnerability, which was classified as problematic, was found in ZyXEL USG and ZyWALL. This affects an unknown part of
CVE-2021-42233 | WonderCMS 3.4.1 Simple Blog Plugin cross site scripting
A vulnerability was found in WonderCMS 3.4.1. It has been classified as problematic. Affected is an unknown function of the
CVE-2022-29002 | XXL-Job 2.3.0 /gaia-job-admin/user/add cross-site request forgery (ID 2821)
A vulnerability was found in XXL-Job 2.3.0 and classified as problematic. This issue affects some unknown processing of the file
CVE-2022-1840 | Home Clean Services Management System 1.0 register.php cross site scripting
A vulnerability, which was classified as problematic, has been found in Home Clean Services Management System 1.0. This issue affects
CVE-2022-29004 | Diary Management System 1.0 search-result.php Name cross site scripting
A vulnerability has been found in Diary Management System 1.0 and classified as problematic. Affected by this vulnerability is an
CVE-2022-1819 | Student Information System 1.0 Student Roll Module admin/ cross site scripting
A vulnerability, which was classified as problematic, was found in Student Information System 1.0. Affected is an unknown function of
CVE-2022-31488 | Inout Blockchain AltExchanger 1.2.1 update_marketboxslider marketcurrency sql injection
A vulnerability was found in Inout Blockchain AltExchanger 1.2.1. It has been classified as critical. This affects an unknown part
CVE-2022-31487 | Inout Blockchain AltExchanger master.php symbol sql injection
A vulnerability was found in Inout Blockchain AltExchanger and Inout Blockchain FiatExchanger and classified as critical. Affected by this issue
CVE-2022-31489 | Inout Blockchain AltExchanger 1.2.1 index.php/home/about cookie sql injection
A vulnerability was found in Inout Blockchain AltExchanger 1.2.1. It has been declared as critical. This vulnerability affects unknown code
CVE-2022-29005 | Online Birth Certificate System 1.2 /obcs/user/profile.php fname/lname cross site scripting
A vulnerability classified as problematic has been found in Online Birth Certificate System 1.2. Affected is an unknown function of
CVE-2022-20821 | Cisco IOS XR 7.3.3 Health Check access control (cisco-sa-iosxr-redis-ABJyE5xK)
A vulnerability was found in Cisco IOS XR 7.3.3. It has been rated as critical. This issue affects some unknown
CVE-2021-32941 | Annke N48PBB up to 3.4.106 Build 200422 stack-based overflow (icsa-21-238-02)
A vulnerability, which was classified as very critical, has been found in Annke N48PBB up to 3.4.106 Build 200422. Affected
CVE-2022-30015 | SourceCodester Simple Food Website 1.0/127.0.0.1 all_users.php Full Username cross site scripting
A vulnerability classified as problematic was found in SourceCodester Simple Food Website 1.0/127.0.0.1. Affected by this vulnerability is an unknown
CVE-2022-28944 | EMCO Products Installation code download
A vulnerability, which was classified as problematic, was found in EMCO Products. This affects an unknown part of the component
CVE-2022-28932 | D-Link DSL-G2452DG 2.00 permission
A vulnerability has been found in D-Link DSL-G2452DG 2.00 and classified as critical. This vulnerability affects unknown code. The manipulation
CVE-2021-32935 | Cognex In-Sight OPC Server up to 5.7.4 deserialization (icsa-21-224-01)
A vulnerability was found in Cognex In-Sight OPC Server up to 5.7.4. It has been classified as critical. Affected is
CVE-2022-29376 | Xampp up to 8.1.4 on Windows Installation default permission
A vulnerability was found in Xampp up to 8.1.4 and classified as critical. This issue affects some unknown processing of
CVE-2021-41714 | Tipask up to 3.5.8 Attachment path information disclosure
A vulnerability was found in Tipask up to 3.5.8. It has been rated as problematic. Affected by this issue is
CVE-2021-32958 | Claroty Secure Remote Access Site 3.0/3.1/3.2 Command Line Interface authentication bypass (icsa-21-180-06)
A vulnerability was found in Claroty Secure Remote Access Site 3.0/3.1/3.2. It has been declared as critical. Affected by this
CVE-2022-31466 | Quick Heal Total Security prior 12.1.1.27 toctou
A vulnerability classified as critical was found in Quick Heal Total Security. This vulnerability affects unknown code. The manipulation leads
CVE-2022-1811 | publify up to 9.2.8 unrestricted upload
A vulnerability classified as critical has been found in publify up to 9.2.8. This affects an unknown part. The manipulation
CVE-2022-31467 | Quick Heal Total Security prior 12.1.1.27 Installation uncontrolled search path
A vulnerability, which was classified as critical, has been found in Quick Heal Total Security. This issue affects some unknown
Windows Kernel Driver in Rust (Rusty Rootkit) for Red Teamers
Exploit Development: No Code Execution? No Problem! Living The Age of VBS, HVCI, and Kernel CFG
CVE-2022-1837 | Home Clean Services Management System 1.0 register.php unrestricted upload
A vulnerability was found in Home Clean Services Management System 1.0. It has been rated as critical. Affected by this
Fedora 34: curl 2022-8277bef335
- fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
- fix credential leak on redirect (CVE-2022-27774)
Security Bulletin: This Power System update is being released to address CVE-2020-1968
Security Bulletin: This Power System update is being released to address CVE 2022-22309
Ubuntu 5438-1: HTMLDOC vulnerability
HTMLDOC could be made to crash or run programs if it received specially crafted HTML files. (LinuxSecurity – Security Advisories)
CVE-2021-32958
Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with
Ubuntu 5437-1: libXfixes vulnerability
libXfixes could be made to crash or run programs if it received specially crafted input. (LinuxSecurity – Security Advisories)
CVE-2022-31487
Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger 2.2.1 allow Chart/TradingView/chart_content/master.php symbol SQL injection. (National Vulnerability Database)
CVE-2022-1467
Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is
CVE-2022-31489
Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection. (National Vulnerability Database)
CVE-2022-31488
Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_marketboxslider marketcurrency SQL injection. (National Vulnerability Database)
CVE-2022-29002
A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add.
CVE-2022-28999
Insecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allow attackers to execute arbitrary code via overwriting the
CVE-2022-29376
Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute
CVE-2022-30015
In Simple Food Website 1.0, a moderation can put the Cross Site Scripting Payload in any of the fields on
CVE-2021-32935
The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes untrusted data, which could allow a
CVE-2022-28944
Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for
CVE-2022-31466
Quick Heal Total Security before 12.1.1.27 has a TOCTOU race condition that leads to privilege escalation. It may follow a
CVE-2021-32941
Annke N48PBB (Network Video Recorder) products of version 3.4.106 build 200422 and prior are vulnerable to a stack-based buffer overflow,
CVE-2022-31467
Quick Heal Total Security before 12.1.1.27 allows DLL hijacking during installation. (National Vulnerability Database)
CVE-2021-42233
The Simple Blog plugin in WonderCMS 3.4.1 is vulnerable to stored cross-site scripting (XSS). When any user opens a
New DeadBolt Ransomware Attacks Have Been Reported by QNAP
Ubuntu 5436-1: libXrender vulnerabilities
Several security issues were fixed in libXrender. (LinuxSecurity – Security Advisories)
SUSE: 2022:1818-1 important: MozillaFirefox
An update that fixes two vulnerabilities is now available. (LinuxSecurity – Security Advisories)
SUSE: 2022:1815-1 important: slurm_20_11
An update that fixes two vulnerabilities is now available. (LinuxSecurity – Security Advisories)
SUSE: 2022:1796-1 important: the Linux Kernel (Live Patch 29 for SLE 12 SP5)
An update that fixes one vulnerability is now available. (LinuxSecurity – Security Advisories)
SUSE: 2022:1819-1 moderate: python-requests
An update that fixes one vulnerability is now available. (LinuxSecurity – Security Advisories)
SUSE: 2022:1817-1 important: rsyslog
An update that fixes one vulnerability is now available. (LinuxSecurity – Security Advisories)
CVE-2022-1811
Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9. (National Vulnerability Database)
CVE-2021-41714
In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments, a registered user can
CVE-2022-30014
Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF) which allows anyone to take over admin/moderator
CVE-2022-28932
D-Link DSL-G2452DG HW:T1\tFW:ME_2.00 was discovered to contain insecure permissions. (National Vulnerability Database)
CVE-2022-29004
Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php.
CVE-2022-30017
Rescue Dispatch Management System 1.0 suffers from Stored XSS, leading to admin account takeover via cookie stealing. (National Vulnerability Database)
CVE-2022-29005
Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allow attackers to execute arbitrary
CVE-2022-30016
Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Access Control via http://localhost/rdms/admin/?page=system_info. (National Vulnerability Database)
CVE-2022-28998 | Xlight FTP 3.9.3.2 stack-based overflow (ID 166381)
A vulnerability has been found in Xlight FTP 3.9.3.2 and classified as critical. This vulnerability affects unknown code. The manipulation
Ubuntu 5432-1: libpng vulnerabilities
Several security issues were fixed in libpng. (LinuxSecurity – Security Advisories)
CVE-2022-0900 | DivvyDrive aciklama cross site scripting (tr-22-0375)
A vulnerability was found in DivvyDrive. It has been classified as problematic. Affected is an unknown function. The manipulation of
CVE-2022-1810 | publify up to 9.2.8 access control
A vulnerability was found in publify up to 9.2.8 and classified as critical. This issue affects some unknown processing. The
CVE-2022-30525 (atp100_firmware, atp100w_firmware, atp200_firmware, atp500_firmware, atp700_firmware, atp800_firmware, usg_flex_100w_firmware, usg_flex_200_firmware, usg_flex_500_firmware, usg_flex_50w_firmware, usg_flex_700_firmware, usg20w-vpn_firmware, vpn100_firmware, vpn1000_firmware,….
CVE-2022-28997 | CSZCMS 1.3.0 server-side request forgery (ID 166613)
A vulnerability was found in CSZCMS 1.3.0. It has been declared as critical. Affected by this vulnerability is an unknown
Ubuntu 5435-1: Thunderbird vulnerabilities
Several security issues were fixed in Thunderbird. (LinuxSecurity – Security Advisories)
Ubuntu 5434-1: Firefox vulnerabilities
Firefox could be made to execute JavaScript in a privileged context if it opened a malicious website. (LinuxSecurity – Security Advisories)
CVE-2022-28997
CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via
CVE-2022-28998
Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer overflow which allows attackers to leak sensitive information via crafted
CVE-2022-0900
A Stored Cross-Site Scripting (XSS) vulnerability in DivvyDrive’s “aciklama” parameter could allow anyone to gain users’ session information. (National Vulnerability Database)
Update now! Nvidia released fixes for 10 flaws in Windows GPU drivers
CVE-2022-1810
Improper Access Control in GitHub repository publify/publify prior to 9.2.9. (National Vulnerability Database)
CVE-2022-1816
A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is
CVE-2022-1817
A vulnerability, which was classified as problematic, was found in Badminton Center Management System. This affects the userlist module at
CVE-2022-28874 | F-Secure Endpoint Protection PE32-Bit File heap-based overflow
A vulnerability classified as critical has been found in F-Secure Endpoint Protection. Affected is an unknown function of the component
CVE-2022-29599 | Apache maven-shared-utils up to 3.3.2 Quoted String Commandline command injection
A vulnerability was found in Apache maven-shared-utils up to 3.3.2. It has been rated as critical. This issue affects the
CVE-2021-42586 | LibreDWG up to 0.12.3 dwg File decode_r2007.c copy_bytes heap-based overflow (ID 350)
A vulnerability, which was classified as critical, has been found in LibreDWG up to 0.12.3. Affected by this issue is
CVE-2021-42585 | LibreDWG up to 0.12.3 dwg File decode_r2007.c copy_compressed_bytes heap-based overflow (ID 351)
A vulnerability classified as critical was found in LibreDWG up to 0.12.3. Affected by this vulnerability is the function copy_compressed_bytes
CVE-2022-1825 | collectiveaccess providence up to 1.7 cross site scripting
A vulnerability, which was classified as problematic, was found in collectiveaccess providence up to 1.7. This affects an unknown part.
Cyber Security Today, May 23, 2022 – A work from home warning, students are victims of ransomware, and more – IT World Canada