Security
Headlines
HeadlinesLatestCVEs

Tag

#firefox

CVE-2022-36605: ywoa SQL inject Bypass and Analysis of the article · Issue #24 · cloudwebsoft/ywoa

Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderbyGET parameter.

CVE
#sql#xss#vulnerability#web#mac#windows#js#java#intel#c++#auth#firefox
DoNot Team Hackers Updated its Malware Toolkit with Improved Capabilities

The Donot Team threat actor has updated its Jaca Windows malware toolkit with improved capabilities, including a revamped stealer module designed to plunder information from Google Chrome and Mozilla Firefox browsers. The improvements also include a new infection chain that incorporates previously undocumented components to the modular framework, Morphisec researchers Hido Cohen and Arnold

CVE-2022-34488: INTEL-SA-00712

Improper buffer restrictions in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via local access.

CVE-2022-30944: INTEL-SA-00709

Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access.

CVE-2022-28709: INTEL-SA-00593

Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.2.9 may allow a privileged user to potentially enable denial of service via local access.

CVE-2022-21229: INTEL-SA-00665

Improper buffer restrictions for some Intel(R) NUC 9 Extreme Laptop Kit drivers before version 2.2.0.22 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2022-26844: INTEL-SA-00701

Insufficiently protected credentials in the installation binaries for Intel(R) SEAPI in all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2022-25899: INTEL-SA-00694

Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before versions 2.0.2 and 2.2.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

CVE-2022-25841: INTEL-SA-00678

Uncontrolled search path elements in the Intel(R) Datacenter Group Event Android application, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.