CVE-2022-38444 Adobe Dimension version 3.4.5 is vulnerable to a Use After Free vulnerability that could result in arbitrary code execution in the user's context.
An attacker could leverage social engineering or email spoofing to interact with a user and convince them to open the malicious file.
CVE Solution: Update
CVE-2022-38423 ColdFusion versions Update 14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory vulnerability. This could result in information disclosure.
In most cases, attackers would be required to have access to the server on which ColdFusion is installed. However, ColdFusion can be installed on a
CVE-2022-42232 The v1.0 version of the Cold Storage Management System is vulnerable to SQL Injection.
A successful exploit could result in unauthorized deletion of storage items or even system takeover. The Master.php?f=delete_storage SQL command can be
CVE-2022-39011 The HISP module has a vulnerability that allows access in the kernel space. Successful exploitation may cause unauthorized access.
To view this information, a user only needs to add a specific string of characters to the end of the request. In other words, an
CVE-2022-41576 The rphone module has a script that can be modified to cause irreversible programs to be implanted on user devices.
This vulnerability is currently being exploited in the wild via drive-by-downloads and email campaigns.
In order to exploit this vulnerability, a remote attacker must convince