GeekWire

CERT

VU#473698: uClibc, uClibc-ng libraries have monotonically increasing DNS transaction ID

9 May 2022

Overview

The uClibc and uClibc-ng libraries are vulnerable to DNS cache poisoning due to the use of predictable …

Tags CERT

VU#473698: CVE-2022-30295 – uClibc, uClibc-ng Libraries Have Monotonically Increasing DNS Transaction ID

9 May 2022

Overview

The uClibc and uClibc-ng libraries are vulnerable to DNS cache poisoning due to the use of predictable …

Tags CERT

VU#730007: Tychon is vulnerable to privilege escalation due to OPENSSLDIR location

28 April 2022

Overview

Tychon contains a privilege escalation vulnerability due to the use of an OPENSSLDIR …

Tags CERT

VU#411271: Qt allows for privilege escalation due to hard-coding of qt_prfxpath value

28 April 2022

Overview

Prior to version 5.14, Qt hard-codes the qt_prfxpath value to a fixed value, which may lead …

Tags CERT

VU#970766: Spring Framework insecurely handles PropertyDescriptor objects with data binding

31 March 2022

Overview

The Spring Framework insecurely handles PropertyDescriptor objects, which may allow a remote, …

Tags CERT

VU#383864: Visual Voice Mail (VVM) services transmit unencrypted credentials via SMS

24 February 2022

Overview

Visual Voice Mail (VVM) services transmit unencrypted credentials via SMS. An attacker with the ability …

Tags CERT

VU#229438: Mobile device monitoring services do not authenticate API requests

22 February 2022

Overview

The backend infrastructure shared by multiple mobile device monitoring services does not adequately …

Tags CERT

VU#796611: InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM

1 February 2022

Overview

The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related …

Tags CERT

VU#119678: Samba vfs_fruit module insecurely handles extended file attributes

31 January 2022

Overview

The Samba vfs_fruit …

Tags CERT

VU#287178: McAfee Agent for Windows is vulnerable to privilege escalation due to OPENSSLDIR location

20 January 2022

Overview

McAfee Agent contains a privilege escalation vulnerability due to the use of an OPENSSLDIR …

Tags CERT

VU#142629: Silicon Labs Z-Wave chipsets contain multiple vulnerabilities

7 January 2022

Overview

Various Silicon Labs Z-Wave chipsets do not support encryption, can be downgraded to not use weaker …

Tags CERT

VU#692873: Saviynt Enterprise Identity Cloud vulnerable to local user enumeration and authentication bypass

22 December 2021

Overview

Saviynt Enterprise Identity Cloud contains user enumeration and authentication bypass vulnerabilities in …

Tags CERT

VU#930724: Apache Log4j allows insecure JNDI lookups

15 December 2021

Overview

Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to …

Tags CERT

VU#999008: Compilers permit Unicode control and homoglyph characters

9 November 2021

Overview

Attacks that allow for unintended control of Unicode and homoglyphic characters, described by the …

Tags CERT

NVD

  • CVE-2022-30701 – An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as … (27 May 2022)
  • CVE-2022-1898 – Use After Free in GitHub repository vim/vim prior to 8.2. … (27 May 2022)
  • CVE-2022-1907 – Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. … (27 May 2022)
  • CVE-2022-1908 – Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. … (27 May 2022)
  • CVE-2022-1909 – Cross-site Scripting (XSS) – Stored in GitHub repository causefx/organizr prior to 2.1.220 … (27 May 2022)
  • CVE-2022-28394 – EOL Product CVE – Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 … (27 May 2022)

EXPLOITS

  • qdPM 9.1 – Remote Code Execution (RCE) (Authenticated) (v2) (26 May 2022)
  • m1k1o’s Blog v.10 – Remote Code Execution (RCE) (Authenticated) (23 May 2022)
  • OpenCart v3.x Newsletter Module – Blind SQLi (23 May 2022)
  • Showdoc 2.10.3 – Stored Cross-Site Scripting (XSS) (17 May 2022)
  • SolarView Compact 6.0 – OS Command Injection (17 May 2022)
  • T-Soft E-Commerce 4 – SQLi (Authenticated) (17 May 2022)

SECURELIST

  • IT threat evolution in Q1 2022. Mobile statistics (27 May 2022)
  • IT threat evolution Q1 2022 (27 May 2022)
  • IT threat evolution in Q1 2022. Non-mobile statistics (27 May 2022)
  • Managed detection and response in 2021 (26 May 2022)
  • The Verizon 2022 DBIR (25 May 2022)
  • What’s wrong with automotive mobile apps? (25 May 2022)

Information Cyber Network Enterprise Security News

Copyright © 2022 GeekWire | Cookie-Free | Privacy Policy | We are not responsible for the content of external sites.
