Customer portal
Category

CVE Top 10

"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 29 August 2022

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2021-3590

A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

https://nvd.nist.gov/vuln/detail/CVE-2021-3590

 


 

2. CVE-2021-0887

In PVRSRVBridgeHeapCfgHeapConfigName, there is a possible leak of kernel heap content due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-236848817

https://nvd.nist.gov/vuln/detail/CVE-2021-0887

 


 

3. CVE-2018-17144

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.

https://nvd.nist.gov/vuln/detail/CVE-2018-17144

 


 

4. CVE-2021-3736

A flaw was found in the Linux kernel. A memory leak problem was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in Virtual Function I/O (VFIO) Mediated devices. This flaw could allow a local attacker to leak internal kernel information.

https://nvd.nist.gov/vuln/detail/CVE-2021-3736

 


 

5. CVE-2021-0698

In PVRSRVBridgeHeapCfgHeapDetails, there is a possible leak of kernel heap content due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-236848165

https://nvd.nist.gov/vuln/detail/CVE-2021-0698

 


 

6. CVE-2022-22963

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).

https://nvd.nist.gov/vuln/detail/CVE-2022-22963

 


 

7. CVE-2022-29154

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).

https://nvd.nist.gov/vuln/detail/CVE-2022-29154

 


 

8. CVE-2021-30975

This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions.

https://nvd.nist.gov/vuln/detail/CVE-2021-30975

 


 

9. CVE-2021-3690

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.

https://nvd.nist.gov/vuln/detail/CVE-2021-3690

 


 

10. CVE-2021-3905

A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.

https://nvd.nist.gov/vuln/detail/CVE-2021-3905

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 22 August 2022

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2022-35110

SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c.

https://nvd.nist.gov/vuln/detail/CVE-2022-35110

 


 

2. CVE-2020-12720

vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.

https://nvd.nist.gov/vuln/detail/CVE-2020-12720

 


 

3. CVE-2022-35433

ffjpeg commit caade60a69633d74100bd3c2528bddee0b6a1291 was discovered to contain a memory leak via /src/jfif.c.

https://nvd.nist.gov/vuln/detail/CVE-2022-35433

 


 

4. CVE-2022-1400

Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00.

https://nvd.nist.gov/vuln/detail/CVE-2022-1400

 


 

5. CVE-2022-37042

Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.

https://nvd.nist.gov/vuln/detail/CVE-2022-37042

 


 

6. CVE-2022-36152

tifig v0.2.2 was discovered to contain a memory leak via operator new[](unsigned long) at /asan/asan_new_delete.cpp.

https://nvd.nist.gov/vuln/detail/CVE-2022-36152

 


 

7. CVE-2022-37438

In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web.

https://nvd.nist.gov/vuln/detail/CVE-2022-37438

 


 

8. CVE-2012-2459

Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network.

https://nvd.nist.gov/vuln/detail/CVE-2012-2459

 


 

9. CVE-2021-26639

This vulnerability is caused by the lack of validation of input values for specific functions if WISA Smart Wing CMS. Remote attackers can use this vulnerability to leak all files in the server without logging in system.

https://nvd.nist.gov/vuln/detail/CVE-2021-26639

 


 

10. CVE-2022-2610

Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

https://nvd.nist.gov/vuln/detail/CVE-2022-2610

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 15 August 2022

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2022-20259

In Telephony, there is a possible leak of ICCID and EID due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-221431393

https://nvd.nist.gov/vuln/detail/CVE-2022-20259

 


 

2. CVE-2022-2610

Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

https://nvd.nist.gov/vuln/detail/CVE-2022-2610

 


 

3. CVE-2021-33646

The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.

https://nvd.nist.gov/vuln/detail/CVE-2021-33646

 


 

4. CVE-2021-33645

The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.

https://nvd.nist.gov/vuln/detail/CVE-2021-33645

 


 

5. CVE-2020-12720

vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.

https://nvd.nist.gov/vuln/detail/CVE-2020-12720

 


 

6. CVE-2022-24086

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.

https://nvd.nist.gov/vuln/detail/CVE-2022-24086

 


 

7. CVE-2022-30190

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2022-30190

 


 

8. CVE-2022-1215

A format string vulnerability was found in libinput

https://nvd.nist.gov/vuln/detail/CVE-2022-1215

 


 

9. CVE-2022-30075

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2022-30075

 


 

10. CVE-2022-24087

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.

https://nvd.nist.gov/vuln/detail/CVE-2022-24087

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 08 August 2022

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2022-1215

A format string vulnerability was found in libinput

https://nvd.nist.gov/vuln/detail/CVE-2022-1215

 


 

2. CVE-2022-34918

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.

https://nvd.nist.gov/vuln/detail/CVE-2022-34918

 


 

3. CVE-2022-36446

software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.

https://nvd.nist.gov/vuln/detail/CVE-2022-36446

 


 

4. CVE-2010-3972

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka “IIS FTP Service Heap Buffer Overrun Vulnerability.” NOTE: some of these details are obtained from third party information.

https://nvd.nist.gov/vuln/detail/CVE-2010-3972

 


 

5. CVE-2019-1040

A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka ‘Windows NTLM Tampering Vulnerability’.

https://nvd.nist.gov/vuln/detail/CVE-2019-1040

 


 

6. CVE-2022-26134

An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous content creation is enabled, this allows an unauthenticated attacker to upload an executable file, such as a .jsp file, that can lead to remote code execution.

https://nvd.nist.gov/vuln/detail/CVE-2022-26134

 


 

7. CVE-2022-35918

Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file or overwrite existing files on the web-server. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.

https://nvd.nist.gov/vuln/detail/CVE-2022-35918

 


 

8. CVE-2022-2652

Depending on the way the format strings in the card label are crafted it’s possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row).

https://nvd.nist.gov/vuln/detail/CVE-2022-2652

 


 

9. CVE-2022-22620

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

https://nvd.nist.gov/vuln/detail/CVE-2022-22620

 


 

10. CVE-2022-1012

A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.

https://nvd.nist.gov/vuln/detail/CVE-2022-1012

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 01 August 2022

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2018-17144

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.

https://nvd.nist.gov/vuln/detail/CVE-2018-17144

 


 

2. CVE-2012-2459

Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network.

https://nvd.nist.gov/vuln/detail/CVE-2012-2459

 


 

3. CVE-2022-34570

WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an information leak which allows attackers to obtain the key information via accessing the messages.txt page.

https://nvd.nist.gov/vuln/detail/CVE-2022-34570

 


 

4. CVE-2022-1488

Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.

https://nvd.nist.gov/vuln/detail/CVE-2022-1488

 


 

5. CVE-2022-1501

Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

https://nvd.nist.gov/vuln/detail/CVE-2022-1501

 


 

6. CVE-2022-1873

Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

https://nvd.nist.gov/vuln/detail/CVE-2022-1873

 


 

7. CVE-2022-24086

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.

https://nvd.nist.gov/vuln/detail/CVE-2022-24086

 


 

8. CVE-2022-1637

Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

https://nvd.nist.gov/vuln/detail/CVE-2022-1637

 


 

9. CVE-2022-1875

Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

https://nvd.nist.gov/vuln/detail/CVE-2022-1875

 


 

10. CVE-2022-1498

Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

https://nvd.nist.gov/vuln/detail/CVE-2022-1498

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 25 July 2022

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2022-1139

Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

https://nvd.nist.gov/vuln/detail/CVE-2022-1139

 


 

2. CVE-2022-1137

Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page.

https://nvd.nist.gov/vuln/detail/CVE-2022-1137

 


 

3. CVE-2022-1128

Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page.

https://nvd.nist.gov/vuln/detail/CVE-2022-1128

 


 

4. CVE-2012-2459

Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network.

https://nvd.nist.gov/vuln/detail/CVE-2012-2459

 


 

5. CVE-2022-1146

Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

https://nvd.nist.gov/vuln/detail/CVE-2022-1146

 


 

6. CVE-2022-31162

Slack Morphism is an async client library for Rust. Prior to 0.41.0, it was possible for Slack OAuth client information to leak in application debug logs. Stricter and more secure debug formatting was introduced in v0.41.0 for OAuth secret types to reduce the possibility of printing sensitive information in application logs. As a workaround, do not print/output requests and responses for OAuth and client configurations in logs.

https://nvd.nist.gov/vuln/detail/CVE-2022-31162

 


 

7. CVE-2018-17144

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.

https://nvd.nist.gov/vuln/detail/CVE-2018-17144

 


 

8. CVE-2020-14126

Information leakage vulnerability exists in the Mi Sound APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information.

https://nvd.nist.gov/vuln/detail/CVE-2020-14126

 


 

9. CVE-2017-8570

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka “Microsoft Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-0243.

https://nvd.nist.gov/vuln/detail/CVE-2017-8570

 


 

10. CVE-2022-23141

ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information.

https://nvd.nist.gov/vuln/detail/CVE-2022-23141

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 18 July 2022

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2012-2459

Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network.

https://nvd.nist.gov/vuln/detail/CVE-2012-2459

 


 

2. CVE-2017-7479

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

https://nvd.nist.gov/vuln/detail/CVE-2017-7479

 


 

3. CVE-2015-1774

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

https://nvd.nist.gov/vuln/detail/CVE-2015-1774

 


 

4. CVE-2015-2684

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

https://nvd.nist.gov/vuln/detail/CVE-2015-2684

 


 

5. CVE-2013-7441

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

https://nvd.nist.gov/vuln/detail/CVE-2013-7441

 


 

6. CVE-2017-7508

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

https://nvd.nist.gov/vuln/detail/CVE-2017-7508

 


 

7. CVE-2017-7520

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

https://nvd.nist.gov/vuln/detail/CVE-2017-7520

 


 

8. CVE-2017-7521

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

https://nvd.nist.gov/vuln/detail/CVE-2017-7521

 


 

9. CVE-2015-3988

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

https://nvd.nist.gov/vuln/detail/CVE-2015-3988

 


 

10. CVE-2015-0847

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

https://nvd.nist.gov/vuln/detail/CVE-2015-0847

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 11 July 2022

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2018-17144

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.

https://nvd.nist.gov/vuln/detail/CVE-2018-17144

 


 

2. CVE-2012-2459

Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network.

https://nvd.nist.gov/vuln/detail/CVE-2012-2459

 


 

3. CVE-2015-0847

The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.

https://nvd.nist.gov/vuln/detail/CVE-2015-0847

 


 

4. CVE-2015-1774

The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.

https://nvd.nist.gov/vuln/detail/CVE-2015-1774

 


 

5. CVE-2015-3988

The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.

https://nvd.nist.gov/vuln/detail/CVE-2015-3988

 


 

6. CVE-2017-7479

The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.

https://nvd.nist.gov/vuln/detail/CVE-2017-7479

 


 

7. CVE-2017-7508

The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.

https://nvd.nist.gov/vuln/detail/CVE-2017-7508

 


 

8. CVE-2015-2684

The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.

https://nvd.nist.gov/vuln/detail/CVE-2015-2684

 


 

9. CVE-2017-7521

The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.

https://nvd.nist.gov/vuln/detail/CVE-2017-7521

 


 

10. CVE-2013-7441

The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.

https://nvd.nist.gov/vuln/detail/CVE-2013-7441

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 04 July 2022

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2018-17144

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.

https://nvd.nist.gov/vuln/detail/CVE-2018-17144

 


 

2. CVE-2012-2459

Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network.

https://nvd.nist.gov/vuln/detail/CVE-2012-2459

 


 

3. CVE-2017-7521

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

https://nvd.nist.gov/vuln/detail/CVE-2017-7521

 


 

4. CVE-2015-0847

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

https://nvd.nist.gov/vuln/detail/CVE-2015-0847

 


 

5. CVE-2015-1774

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

https://nvd.nist.gov/vuln/detail/CVE-2015-1774

 


 

6. CVE-2015-3988

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

https://nvd.nist.gov/vuln/detail/CVE-2015-3988

 


 

7. CVE-2017-8109

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

https://nvd.nist.gov/vuln/detail/CVE-2017-8109

 


 

8. CVE-2013-7441

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

https://nvd.nist.gov/vuln/detail/CVE-2013-7441

 


 

9. CVE-2017-7520

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

https://nvd.nist.gov/vuln/detail/CVE-2017-7520

 


 

10. CVE-2017-7508

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

https://nvd.nist.gov/vuln/detail/CVE-2017-7508

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 27 June 2022

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2018-17144

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.

https://nvd.nist.gov/vuln/detail/CVE-2018-17144

 


 

2. CVE-2012-2459

Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network.

https://nvd.nist.gov/vuln/detail/CVE-2012-2459

 


 

3. CVE-2022-26134

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.

https://nvd.nist.gov/vuln/detail/CVE-2022-26134

 


 

4. CVE-2017-7508

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.

https://nvd.nist.gov/vuln/detail/CVE-2017-7508

 


 

5. CVE-2017-7520

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.

https://nvd.nist.gov/vuln/detail/CVE-2017-7520

 


 

6. CVE-2017-7521

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.

https://nvd.nist.gov/vuln/detail/CVE-2017-7521

 


 

7. CVE-2017-7512

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.

https://nvd.nist.gov/vuln/detail/CVE-2017-7512

 


 

8. CVE-2016-6316

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.

https://nvd.nist.gov/vuln/detail/CVE-2016-6316

 


 

9. CVE-2017-7522

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.

https://nvd.nist.gov/vuln/detail/CVE-2017-7522

 


 

10. CVE-2022-32969

Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)

https://nvd.nist.gov/vuln/detail/CVE-2022-32969

 


1 2 11 12 13 14
Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Youtube
Consent to display content from - Youtube
Vimeo
Consent to display content from - Vimeo
Google Maps
Consent to display content from - Google
Spotify
Consent to display content from - Spotify
Sound Cloud
Consent to display content from - Sound