Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

CVE-2020-13567: TALOS-2020-1179 || Cisco Talos Intelligence Group

Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.

CVE
#sql#vulnerability#cisco#intel#php#rce
CVE-2020-6099: TALOS-2020-1032 || Cisco Talos Intelligence Group

An exploitable code execution vulnerability exists in the file format parsing functionality of Graphisoft BIMx Desktop Viewer 2019.2.2328. A specially crafted file can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-27652: Build software better, together

A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.

Upgrades for Spring Framework Have Stalled

Upgrading and fixing the vulnerability in the Spring Framework doesn't seem to have the same level of urgency or energy as patching the Log4j library did back in December.

CVE-2022-26919

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

CVE-2022-26918

Windows Fax Compose Form Remote Code Execution Vulnerability

CVE-2022-26917

Windows Fax Compose Form Remote Code Execution Vulnerability

CVE-2022-26916

Windows Fax Compose Form Remote Code Execution Vulnerability

CVE-2022-24495

Windows Direct Show - Remote Code Execution Vulnerability.

CVE-2022-22009

Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22008, CVE-2022-23257, CVE-2022-24537.