Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2022-4855: webray.com.cn/leadmanasql.md at main · joinia/webray.com.cn

A vulnerability, which was classified as critical, was found in SourceCodester Lead Management System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-217020.

CVE
Open in Source
#sql#vulnerability#web#windows#apple#apache#php#auth#chrome#webkit
BitKeep Confirms Cyber Attack, Loses Over $9 Million in Digital Currencies

Decentralized multi-chain crypto wallet BitKeep on Wednesday confirmed a cyberattack that allowed threat actors to distribute fraudulent versions of its Android app with the goal of stealing users' digital currencies. "With maliciously implanted code, the altered APK led to the leak of user's private keys and enabled the hacker to move funds," BitKeep CEO Kevin Como said, describing it as a "

CVE-2022-26969: Cross-Origin Resource Sharing (CORS) - HTTP | MDN

In Directus before 9.7.0, the default settings of CORS_ORIGIN and CORS_ENABLED are true.

Microsoft Patch Tuesday December 2022: SPNEGO RCE, Mark of the Web Bypass, Edge Memory Corruptions

Hello everyone! This episode will be about Microsoft Patch Tuesday for December 2022, including vulnerabilities that were added between November and December Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. Alternative video link (for Russia): https://vk.com/video-149273431_456239112 But let’s start with an older vulnerability. This will be another example why […]

CVE-2022-46492: 🛡️ Nbnbk has an arbitrary file read vulnerability · Issue #3 · Fanli2012/nbnbk

nbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discovered to contain an arbitrary file read vulnerability via the component /api/Index/getFileBinary.

CVE-2022-36354: TALOS-2022-1629 || Cisco Talos Intelligence Group

A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensitive information leak. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-36316: Security Vulnerabilities fixed in Firefox 103

When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox < 103.

CVE-2022-36314: Security Vulnerabilities fixed in Firefox ESR 102.1

When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.<br>This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.

CVE-2022-36318: Security Vulnerabilities fixed in Thunderbird 91.12

When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.