Aggregator

CVE-2022-43551 | Apple macOS up to 13.2.1 curl cleartext transmission (HT213670 / Nessus ID 211153)

Vuldb Updates
20 hours 10 minutes ago
A vulnerability labeled as problematic has been found in Apple macOS up to 13.2.1. This affects an unknown part of the component curl. Such manipulation leads to cleartext transmission of sensitive information. This vulnerability is uniquely identified as CVE-2022-43551. The attack can only be initiated within the local network. No exploit exists. The affected component should be upgraded.
vuldb.com

CVE-2022-43551 | Oracle MySQL Server up to 5.7.41/8.0.32 Packaging information disclosure (Nessus ID 211153)

Vuldb Updates
20 hours 10 minutes ago
A vulnerability identified as critical has been detected in Oracle MySQL Server up to 5.7.41/8.0.32. Affected by this vulnerability is an unknown functionality of the component Packaging. The manipulation leads to information disclosure. This vulnerability is referenced as CVE-2022-43551. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com

Survey: Most Security Incidents Involve Identity Attacks

Security Boulevard
20 hours 14 minutes ago

A survey of 512 cybersecurity professionals finds 76% report that over half (54%) of the security incidents that occurred in the past 12 months involved some issue relating to identity management. Conducted by Permiso Security, a provider of an identity security platform, the survey also finds 95% are either very confident (52%) or somewhat confident..

The post Survey: Most Security Incidents Involve Identity Attacks appeared first on Security Boulevard.

Michael Vizard

CVE-2025-48957:AstrBot AI路径遍历与认证绕过后端调用链深度解析

先知技术社区
20 hours 32 minutes ago
漏洞简介AstrBot 是一款大型语言模型聊天机器人和开发框架。在 3.4.4 至 3.5.12 版本中存在一个路径遍历漏洞,可能导致信息泄露,例如泄露大语言模型提供商的 API 密钥、账户密码及其他敏感数据漏洞影响评分:7.5(高危)版本:3.4.4 <=,<3.5.12漏洞分析前端请求攻击者构造恶意请求包后端调用链外网可访问,且端口固定为6185在这里:如果请求路径恰好匹配 /ap

CVE-2019-12749 | dbus up to 1.10.27/1.12.15/1.13.11 /.dbus-keyrings improper authentication (RHSA-2019:1726 / Nessus ID 266270)

Vuldb Updates
20 hours 35 minutes ago
A vulnerability has been found in dbus up to 1.10.27/1.12.15/1.13.11 and classified as critical. This affects an unknown part of the file /.dbus-keyrings. The manipulation leads to improper authentication. This vulnerability is documented as CVE-2019-12749. The attack needs to be performed locally. There is not any exploit available. The affected component should be upgraded.
vuldb.com

CVE-2022-35737 | SQLite 3.39.0/3.39.1 C API array index (Nessus ID 236624)

Vuldb Updates
20 hours 35 minutes ago
A vulnerability marked as critical has been reported in SQLite 3.39.0/3.39.1. This affects an unknown part of the component C API. The manipulation leads to improper validation of array index. This vulnerability is traded as CVE-2022-35737. Access to the local network is required for this attack to succeed. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2022-35737 | Oracle Communications Convergent Charging Controller 6.0.1.0.0/12.0.1.0.0/12.0.5.0.0 Common denial of service (Nessus ID 236624)

Vuldb Updates
20 hours 35 minutes ago
A vulnerability was found in Oracle Communications Convergent Charging Controller 6.0.1.0.0/12.0.1.0.0/12.0.5.0.0 and classified as critical. This vulnerability affects unknown code of the component Common. Executing a manipulation can lead to denial of service. This vulnerability is registered as CVE-2022-35737. It is possible to launch the attack remotely. No exploit is available.
vuldb.com

CVE-2022-35737 | Oracle Communications Network Charging and Control 6.0.1.0.0/12.0.1.0.0/12.0.5.0.0 Common denial of service (Nessus ID 236624)

Vuldb Updates
20 hours 35 minutes ago
A vulnerability was found in Oracle Communications Network Charging and Control 6.0.1.0.0/12.0.1.0.0/12.0.5.0.0. It has been rated as critical. The affected element is an unknown function of the component Common. This manipulation causes denial of service. This vulnerability appears as CVE-2022-35737. The attack may be initiated remotely. There is no available exploit.
vuldb.com

CVE-2022-35737 | Oracle Communications Cloud Native Core Policy up to 22.4.4/23.1.1 denial of service (Nessus ID 236624)

Vuldb Updates
20 hours 35 minutes ago
A vulnerability was found in Oracle Communications Cloud Native Core Policy up to 22.4.4/23.1.1. It has been declared as critical. This impacts an unknown function of the component Policy. Such manipulation leads to denial of service. This vulnerability is referenced as CVE-2022-35737. It is possible to launch the attack remotely. No exploit is available.
vuldb.com

CVE-2018-1160 | netatalk up to 3.1.11 dsi_opensess.c out-of-bounds write (SA_18_62 / EDB-46048)

Vuldb Updates
20 hours 35 minutes ago
A vulnerability labeled as critical has been found in netatalk up to 3.1.11. This vulnerability affects unknown code of the file dsi_opensess.c. The manipulation results in out-of-bounds write. This vulnerability was named CVE-2018-1160. The attack may be performed from remote. In addition, an exploit is available. The affected component should be upgraded.
vuldb.com

CVE-2022-42916 | cURL up to 7.85.x HSTS missing encryption (FEDORA-2022-01ffde372c / Nessus ID 211079)

Vuldb Updates
20 hours 35 minutes ago
A vulnerability was found in cURL up to 7.85.x. It has been declared as problematic. Impacted is an unknown function of the component HSTS Handler. Executing a manipulation can lead to missing encryption of sensitive data. This vulnerability is registered as CVE-2022-42916. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2022-42916 | Apple macOS curl cleartext transmission (HT213605 / Nessus ID 211079)

Vuldb Updates
20 hours 35 minutes ago
A vulnerability identified as problematic has been detected in Apple macOS. Impacted is an unknown function of the component curl. This manipulation causes cleartext transmission of sensitive information. This vulnerability is registered as CVE-2022-42916. The attack requires access to the local network. No exploit is available. You should upgrade the affected component.
vuldb.com

Managed ad