Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Simmeth System GmbH Supplier Manager LFI / SQL Injection / Bypass

Simmeth System GmbH Supplier Manager (Lieferantenmanager) versions prior to 5.6 suffer from authentication bypass, code execution, cross site scripting, information leakage, remote SQL injection, and various other vulnerabilities.

Packet Storm
Open in Source
#sql#xss#vulnerability#web#windows#js#java#rce#perl#auth#ssl
Red Hat Security Advisory 2022-8100-01

Red Hat Security Advisory 2022-8100-01 - SWTPM is a TPM emulator built on libtpms providing TPM functionality for QEMU VMs.

CVE-2022-3240: follow-me.php in follow-me/trunk – WordPress Plugin Repository

The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMedia_options_page() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

RHSA-2022:8100: Red Hat Security Advisory: swtpm security and bug fix update

An update for swtpm is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23645: swtpm: Unchecked header size indicator against expected size

CVE-2022-42978: Unauthenticated Arbitrary File Read

In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system.

CVE-2022-35613: CVE-ID: CVE-2022-35613

Konker v2.3.9 was to discovered to contain a Cross-Site Request Forgery (CSRF).

Researchers Sound Alarm on Dangerous BatLoader Malware Dropper

BatLoader has spread rapidly to roost in systems globally, tailoring payloads to its victims.

CVE-2022-3903: [git:media_stage/master] media: mceusb: Use new usb_control_msg_*() routines

An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system.

CVE-2022-3993: No Rate Limit On migrate-email Endpoint Leads to Brute-force Attack in kavita

Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3.

CVE-2022-35719: IBM MQ Internet Pass-Thru traces sensitive data (CVE-2022-35719)

IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user.