CVE-2022-39030
Smart eVision has inadequate authorization for system information query function. An unauthenticated remote attacker, who is not explicitly authorized to access the information, can access sensitive i ...
September 27, 2022
CVE-2022-39032
Smart eVision has an improper privilege management vulnerability. A remote attacker with general user privilege can exploit this vulnerability to escalate to administrator privilege, and then perform ...
September 27, 2022
[SECURITY] Fedora 37 Update: knot-resolver-5.5.3-1.fc37
The Knot Resolver is a DNSSEC-enabled caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core t ...
September 27, 2022
Apache SOAP’s RPCRouterServlet allows reading of arbitrary files over HTTP
An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2 ...
September 27, 2022
[SECURITY] Fedora 37 Update: python-lxml-4.9.1-1.fc37
lxml is a Pythonic, mature binding for the libxml2 and libxslt libraries. It provides safe and convenient access to these libraries using the ElementTree API. It extends the ElementTree API significantly ...
September 24, 2022
CVE-2021-41803
HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1 ...
September 24, 2022
CVE-2021-41803
HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1 ...
September 23, 2022
Metasploit Weekly Wrap-Up
## Have you built out that awesome media room?

If your guilty pleasures include using a mobile devic ...
September 23, 2022
Bitbucket Git Command Injection Exploit
Various versions of Bitbucket Server and Data Center are vulnerable to an unauthenticated command injection vulnerability in multiple API endpoints. The /rest/api/latest/projects/{projectKey}/repos/{r ...
September 23, 2022