Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

CVE-2022-41712: Frappe 14.10.0 - Local File Read | Advisories | Fluid Attacks

Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter.

CVE
Open in Source
#vulnerability#linux#git
CVE-2022-41705: GitHub - uasoft-indonesia/badaso: Laravel Vue headless CMS / admin panel / dashboard / builder / API CRUD generator, anything !

Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.

CVE-2022-43983: Browsershot 3.57.2 - Server Side XSS to LFR via HTML | Advisories | Fluid Attacks

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL's that use the file:// protocol.

CVE-2022-23044: Tiny File Manager 2.4.8 - Remote Command Execution | Advisories | Fluid Attacks

Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files.

CVE-2022-43984: Browsershot 3.57.3 - Server Side XSS to LFR via HTML | Advisories | Fluid Attacks

Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:// protocol.

Slippery RansomExx Malware Moves to Rust, Evading VirusTotal

A new, harder-to-peg version of the ransomware has been rewritten in the Rust programming language.

Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw

Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser. Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022. Heap-based buffer overflow bugs can be

CVE-2022-2721: Security Advisory 2022-24

In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaint-text in when verbose logging is enabled.

CVE-2022-45886: November 2022 Linux Kernel 6.0.9 Vulnerabilities in NetApp Products

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.

CVE-2022-45888: [PATCH] char: xillybus: Fix use-after-free in xillyusb_open()

An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.