Tag

#chrome

CVE-2022-32200: DA's Libdwarf Vulnerabilities

libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c.

CVE-2022-30470: FileRun - Selfhosted File Manager with Sharing and Backup for Photos, Docs & More

In Afian Filerun 20220202, changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user.

CVE-2022-30490: GitHub - yasinyildiz26/Badminton-Center-Management-System

Badminton Center Management System V1.0 is vulnerable to SQL Injection via parameter 'id' in /bcms/admin/court_rentals/update_status.php.

CVE-2021-40186: DNN CMS Server-Side Request Forgery (CVE-2021-40186)

The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services.

TrustPid is another worrying, imperfect attempt to replace tracking cookies

German ISPs are working on the introduction of TrustPid, a supercookie that is intended to replace tracking cookies. The post "TrustPid is another worrying, imperfect attempt to replace tracking cookies" appeared first on Malwarebytes Labs.

CVE-2022-30128

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30127.

CVE-2022-26905

Microsoft Edge (Chromium-based) Spoofing Vulnerability.

CVE-2022-30127

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30128.