Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2022-3240: follow-me.php in follow-me/trunk – WordPress Plugin Repository

The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMedia_options_page() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE
Open in Source
#sql#web#android#windows#google#js#java#wordpress#php#auth
RHSA-2022:8100: Red Hat Security Advisory: swtpm security and bug fix update

An update for swtpm is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23645: swtpm: Unchecked header size indicator against expected size

CVE-2022-42978: Unauthenticated Arbitrary File Read

In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system.

CVE-2022-35613: CVE-ID: CVE-2022-35613

Konker v2.3.9 was to discovered to contain a Cross-Site Request Forgery (CSRF).

Researchers Sound Alarm on Dangerous BatLoader Malware Dropper

BatLoader has spread rapidly to roost in systems globally, tailoring payloads to its victims.

CVE-2022-3903: [git:media_stage/master] media: mceusb: Use new usb_control_msg_*() routines

An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system.

CVE-2022-3993: No Rate Limit On migrate-email Endpoint Leads to Brute-force Attack in kavita

Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3.

CVE-2022-35719: IBM MQ Internet Pass-Thru traces sensitive data (CVE-2022-35719)

IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user.

Backdoor.Win32.RemServ.d MVID-2022-0655 Remote Command Execution

Backdoor.Win32.RemServ.d malware suffers from a remote command execution vulnerability.

New "Earth Longzhi" APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders

Entities located in East and Southeast Asia as well as Ukraine have been targeted at least since 2020 by a previously undocumented subgroup of APT41, a prolific Chinese advanced persistent threat (APT). Cybersecurity firm Trend Micro, which christened the espionage crew Earth Longzhi, said the actor's long-running campaign can be split into two based on the toolset deployed to attack its victims