Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

Widespread Swagger-UI library vulnerability leads to DOM XSS attacks

Dozens of bugs reported with a backlog containing hundreds more

PortSwigger
Open in Source
#xss#vulnerability#web#microsoft#js#git#vmware#auth#ssl
CVE-2022-30887: Pharmacy Management System 1.0 Shell Upload ≈ Packet Storm

Pharmacy Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file.

CVE-2022-30551: GitHub - OPCFoundation/UA-Java-Legacy: This repository is provided by OPC Foundation as legacy support for an Java version for OPC UA.

OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources.

CVE-2021-34111: Thecus N4800Eco Nas Server Control Panel Comand Injection

Thecus 4800Eco was discovered to contain a command injection vulnerability via the username parameter in /adm/setmain.php.

CVE-2022-21500: Oracle Security Alert Advisory - CVE-2022-21500

Vulnerability in Oracle E-Business Suite (component: Manage Proxies). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data. Note: Authentication is required for successful attack, however the user may be self-registered. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

More Than 1,000 Cybersecurity Career Pursuers Complete the (ISC)² Entry-Level Cybersecurity Certification Pilot Exam

New professional certification program establishes a pathway into the workforce for students and career changers by demonstrating their foundational knowledge, skills and abilities to employers.

CVE-2021-32934

The affected ThroughTek P2P products (SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC conneciton, firmware using AVAPI module without enabling DTLS mechanism, and firmware using P2PTunnel or RDT module) do not sufficiently protect data transferred between the local device and ThroughTek servers. This can allow an attacker to access sensitive information, such as camera feeds.

SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization

The SAP application server ABAP and ABAP Platform are susceptible to code injection, SQL injection, and missing authorization vulnerabilities. Multiple SAP products are affected.

Red Hat Security Advisory 2022-4644-01

Red Hat Security Advisory 2022-4644-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a privilege escalation vulnerability.