Aggregator

复旦大学计算机科学技术学院院长兼党委副书记 杨珉；复旦大学计算机科学技术学院专任副研究员 潘旭东

A vulnerability, which was classified as very critical, has been found in VMware Spring Boot up to 2.5.11/2.6.5. Affected by this issue is some unknown functionality. The manipulation leads to code injection. This vulnerability is handled as CVE-2022-22965. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Communications Cloud Native Core Automated Test Suite 1.9.0/22.1.0 and classified as very critical. This issue affects some unknown processing of the component Automation Test Suite. The manipulation leads to code injection. The identification of this vulnerability is CVE-2022-22965. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as very critical has been found in Oracle Communications Cloud Native Core Console 1.9.0/22.1.0. This affects an unknown part of the component CNC Console. The manipulation leads to code injection. This vulnerability is uniquely identified as CVE-2022-22965. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as very critical was found in Oracle Communications Cloud Native Core Network Exposure Function 22.1.0. This vulnerability affects unknown code of the component NEF. The manipulation leads to code injection. This vulnerability was named CVE-2022-22965. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as very critical, has been found in Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0/22.1.0. This issue affects some unknown processing of the component DB Tier. The manipulation leads to code injection. The identification of this vulnerability is CVE-2022-22965. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Oracle Communications Cloud Native Core Network Repository Function 1.15.0/22.1.0 and classified as very critical. Affected by this vulnerability is an unknown functionality of the component OCNRF. The manipulation leads to code injection. This vulnerability is known as CVE-2022-22965. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Communications Cloud Native Core Network Slice Selection Function 22.1.0/1.8.0. It has been declared as very critical. This vulnerability affects unknown code of the component NSSF. The manipulation leads to code injection. This vulnerability was named CVE-2022-22965. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as very critical was found in Oracle Communications Cloud Native Core Policy 1.15.0/22.1.0. Affected by this vulnerability is an unknown functionality of the component Policy. The manipulation leads to code injection. This vulnerability is known as CVE-2022-22965. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

U.S. and allies warn of attacks from Iran-linked actors targeting critical infrastructure through brute-force attacks in a year-long campaign. Intelligence and cybersecurity agencies from the U.S., Australia, and Canada, warn about a year-long campaign carried out by Iran-linked threat actors to break into critical infrastructure organizations via brute force and password spraying attacks. The attacks […]

A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Console Module. The manipulation with the input /;login leads to improper authentication. This vulnerability is known as CVE-2024-10173. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

A vulnerability, which was classified as critical, was found in code-projects Blood Bank System up to 1.0. Affected is an unknown function of the file /admin/massage.php. The manipulation of the argument bid leads to sql injection. This vulnerability is traded as CVE-2024-10171. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Submit #421516 / VDB-280957

A vulnerability, which was classified as critical, has been found in code-projects Hospital Management System 1.0. This issue affects some unknown processing of the file get_doctor.php. The manipulation of the argument specilizationid leads to sql injection. The identification of this vulnerability is CVE-2024-10170. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in code-projects Hospital Management System 1.0. This vulnerability affects unknown code of the file change-password.php. The manipulation of the argument cpass leads to sql injection. This vulnerability was named CVE-2024-10169. The attack can be initiated remotely. Furthermore, there is an exploit available.

Het Nederlandse bedrijf DeltaQuad gaat geavanceerde Intelligence, Surveillance & Reconnaissance (ISR)-drones leveren aan Oekraïne. Het ministerie van Defensie schaft de drones aan voor een bedrag van €42,6 miljoen.

Submit #426282 / VDB-280956

Submit #426440 / VDB-280955

Submit #425745 / VDB-280954

A vulnerability classified as critical has been found in Codezips Sales Management System 1.0. This affects an unknown part of the file deletecustind.php. The manipulation of the argument id leads to sql injection. This vulnerability is uniquely identified as CVE-2024-10167. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.