CVE-2022-39365 : PIMCORE UP TO 10.5.8 TWIG TEMPLATE CODE INJECTION
Description Pimcore is an open source data and experience management platform. Prior to version 10.5.9, the user controlled twig templates
CVE-2022-2421 : SOCKET.IO JS LIBRARY ATTACHMENT PARSER SQL INJECTION
Description Due to improper type validation in attachment parsing the Socket.io js library, it is possible to overwrite the _placeholder
CVE-2022-30541 : ABODE IOTA ALL-IN-ONE SECURITY KIT 6.9X/6.9Z XCMD SETUPNP OS COMMAND INJECTION
Description An OS command injection vulnerability exists in the XCMD setUPnP functionality of Abode Systems, Inc. iota All-In-One Security Kit
CVE-2022-3649 : LINUX KERNEL BPF FS/NILFS2/INODE.C NILFS_NEW_INODE USE AFTER FREE
Description A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of
CVE-2022-3203 : ORING IAP-420 2.0M TELNET SERVER HARD-CODED CREDENTIALS
Description On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be
CVE-2022-27625 : SYNOLOGY DSM/DS3622XS+/FS3410/HD6500 PRIOR 7.1.1-42962-2 MESSAGE MEMORY CORRUPTION
Description A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message
CVE-2022-25720 : QUALCOMM SNAPDRAGON AUTO WLAN MEMORY CORRUPTION
Description Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon
What Is PCI DSS? What Are The Requirements Of PCI DSS Compliance?
What is PCI DSS? The Payment Card industry data security (PCI DSS), was unfolded to encourage and enhance card holder
CVE-2022-22978 : ORACLE UTILITIES TESTING ACCELERATOR 6.0.0.1.3/6.0.0.2.4/6.0.0.3.3 TOOLS REMOTE CODE EXECUTION
Description In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed
CVE-2022-3569 : SYNACOR ZIMBRA COLLABORATION SUITE UP TO 9.0.0 POSTFIX PRIVILEGE DROPPING / LOWERING ERRORS
Description Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue
CVE-2022-3530 : LINUX KERNEL IPROUTE2 IP/IPADDRESS.C IPADDR_LINK_GET MEMORY LEAK
Description A vulnerability was found in Linux Kernel and classified as problematic. Affected by this issue is the function ipaddr_link_get
CVE-2022-42719 : LINUX KERNEL UP TO 5.19.14 MAC80211 STACK USE AFTER FREE
Description A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.14 could
CVE-2022-0030 : PALO ALTO PAN-OS UP TO 8.1.23 WEB INTERFACE AUTHENTICATION SPOOFING
Description An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific
What Is SSL, TLS And HTTPS?
What is SSL? SSL stands for Secure Sockets Layer. It is a standard technology for establishing an encrypted link between
CVE-2022-42717 : HASHICORP PACKER UP TO 2.3.0 SUDO PRIVILEGE ESCALATION
Description An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure.
CVE-2022-36063 : AZURE RTOS USBX PRIOR 6.1.12 _UX_HOST_CLASS_CDC_ECM_MAC_ADDRESS_GET INTEGER UNDERFLOW
Description Azure RTOS USBx is a USB host, device, and on-the-go (OTG) embedded stack, fully integrated with Azure RTOS ThreadX
CVE-2022-40684 : FORTINET FORTIOS/FORTIPROXY ADMINISTRATIVE INTERFACE IMPROPER AUTHORIZATION
Description A vulnerability was found in Fortinet FortiOS and FortiProxy. It has been classified as very critical. This affects an
What Is Directory Traversal?
What is Directory Traversal? Directory traversal is also known as file path traversal. It is a web security flaw that
CVE-2022-39959 : PANINI EVEREST ENGINE 2.0.4 EVEREST.EXE UNTRUSTED SEARCH PATH
Description Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads
What Is Credential Stuffing? How To Prevent Using WAF?
What Is Credential Stuffing? A cyberattack known as “credential stuffing” occurs when a cybercriminal gains access to user accounts at
CVE-2022-42457 : GENEREX CS141 PRIOR 2.08 WEB INTERFACE GXSERVE-UPDATE.SH RUN_UPDATE PRIVILEGE ESCALATION
Description Generex CS141 before 2.08 allows remote command execution by administrators via a web interface that reaches run_update in /usr/bin/gxserve-update.sh
CVE-2022-36961 : SOLARWINDS ORION PLATFORM VERB SQL INJECTION
Description A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege
CVE-2022-42302 : VERITAS NETBACKUP UP TO 10.0 NBFSMCLIENT SERVICE SQL INJECTION
Description An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable
What Is REST API? How To Provide Security To REST API?
What is REST API? REST is the acronym of Representational State Transfer (REST). It is an architectural style or pattern