Security Headlines: Latest CVEs tagged #apple
Guidance for CVE-2022-23278 spoofing in Microsoft Defender for Endpoint

Microsoft released a security update to address CVE-2022-23278 in Microsoft Defender for Endpoint. This spoofing vulnerability, rated Important, affects all platforms. We wish to thank Falcon Force for the collaboration on addressing this issue through coordinated vulnerability disclosure. Cybercriminals look for any opening to tamper with security protections in order to blind, confuse, or outright shut off customer defenses.

Source: msrc-blog
Tags: #vulnerability #web #ios #android #mac #windows #apple #google #microsoft #linux
CVE-2021-26948: SEGV on unknown address 0x000000000000 · Issue #410 · michaelrsweet/htmldoc

A null pointer dereference in HTMLDOC v1.9.11 and earlier may allow attackers to execute arbitrary code or cause a denial of service via a crafted HTML file.

CVE-2022-22700: CyberArk Identity Release Notes

CyberArk Identity versions up to and including 22.1 expose the response header 'X-CFY-TX-TM' in the 'StartAuthentication' resource. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant.

CVE-2022-22706: Arm Security Updates | Mali GPU Driver Vulnerabilities – Arm Developer

An Arm product family through 2022-01-03 has an Exposed Dangerous Method or Function.

CVE-2022-24573: Element-IT software products news

A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field.

CVE-2022-23387: There is SQL blind injection at "Comment Update" · Issue #23 · taogogo/taocms

An issue was discovered in taocms 3.0.2: a blind SQL injection in the Comment Update field that can be used to obtain data from the database.

CVE-2022-23380: There is SQL blind injection at "Admin Edit" · Issue #16 · taogogo/taocms

There is a SQL injection vulnerability in the admin backend of taocms 3.0.2 in the id parameter of the request action=admin&id=2&ctrl=edit.

CVE-2022-26332: Offensive Security’s Exploit Database Archive

Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field.

CVE-2022-25148: WordPress Plugin WP Statistics <= 13.1.5 - Multiple Unauthenticated SQL Injection vulnerabilities

The WP Statistics WordPress plugin, in versions up to and including 13.1.5, is vulnerable to SQL injection due to insufficient escaping and parameterization of the current_page_id parameter in the ~/includes/class-wp-statistics-hits.php file, which allows unauthenticated attackers to inject arbitrary SQL queries and obtain sensitive information.