Tag

#java

CVE-2022-32294: Zimbra Security Advisories - Zimbra :: Tech Center

Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). It is visible in cleartext on port UDP 514 (aka the syslog port).

CVE-2022-2353: update · microweber/microweber@79c6914

Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user.

CVE-2022-22370: Security Bulletin: A Cross Site Scripting vulnerability was fixed in the IBM Security Verify Access Product.

IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221194.

CVE-2022-34167: IBM CICS TX Standard is vulnerable to a stored cross-site scripting attack (CVE-2022-34167)

IBM CICS TX Standard and Advanced 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229432.

CVE-2022-34166: IBM CICS TX Standard is vulnerable to cross-site scripting (CVE-2022-34166)

IBM CICS TX Standard and Advanced 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229430.

CVE-2022-35406: Professional / Community 2022.6

A URL disclosure issue was discovered in Burp Suite before 2022.6. If a user views a crafted response in the Repeater or Intruder, it may be incorrectly interpreted as a redirect.

CVE-2022-32115: Known: social publishing for groups and individuals

An issue in the isSVG() function of Known v1.2.2+2020061101 allows attackers to execute arbitrary code via a crafted SVG file.

Experts Uncover 350 Browser Extension Variants Used in ABCsoup Adware Campaign

A malicious browser extension with 350 variants is masquerading as a Google Translate add-on as part of an adware campaign targeting Russian users of Google Chrome, Opera, and Mozilla Firefox browsers. Mobile security firm Zimperium dubbed the malware family ABCsoup, stating the "extensions are installed onto a victim's machine via a Windows-based executable, bypassing most endpoint security