The Week in Ransomware - December 9th 2022 - Wide Impact
On Tuesday, Rackspace finally confirmed everyone's fears that a ransomware attack caused the...
This ransomware gang is a right Royal pain in the AES for healthcare orgs
Newish ransomware gang Royal has been spotted targeting the healthcare sector, the US Department...
Friday Squid Blogging: China Bans Taiwanese Squid Imports
Today I have some squid geopolitical news. As usual, you can also use this squid post to talk...
Legit Android apps poisoned by sticky 'Zombinder' malware
Threat researchers have discovered an obfuscation platform that attaches malware to legitimate...
Hacking Trespass Law
This article talks about public land in the US that is completely surrounded by private land,...
Rackspace warns of phishing risks following ransomware attack
Cloud computing provider Rackspace warned customers on Thursday of increased risks of phishing...
Australia arrests 'Pig Butchering' suspects for stealing $100 million
The Australian Federal Police have arrested four suspected members of a financial investment...
Vulnerabilities by Risk level (Last 12 months)
Vulnerabilities by Vendor (Last 12 months)
| Vendor | Last 12 months | # |
| 1412 | ||
| Fedoraproject | 897 | |
| Microsoft | 810 | |
| Debian | 735 | |
| Oracle | 435 |
Latest Vulnerabilities
-
CVE-2022-39894 - Unspecified vulnerability in Google Android 10.0/11.0/12.0
3.3Improper access control vulnerability in ContactListStartActivityHelper in Phone prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent.
-
CVE-2022-39895 - Unspecified vulnerability in Google Android 10.0/11.0/12.0
3.3Improper access control vulnerability in ContactListUtils in Phone prior to SMR Dec-2022 Release 1 allows to access contact group information via implicit intent.
-
CVE-2022-39896 - Unspecified vulnerability in Google Android 10.0/11.0/12.0
3.3Improper access control vulnerabilities in Contacts prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent.
-
CVE-2022-39897 - Information Exposure Through Log Files vulnerability in Google Android 10.0/11.0/12.0
5.5Exposure of Sensitive Information vulnerability in kernel prior to SMR Dec-2022 Release 1 allows attackers to access the kernel address information via log.
-
CVE-2022-45497 - Command Injection vulnerability in Tenda W6-S Firmware 1.0.0.4(510)
9.8Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand.
Latest Critical Vulnerabilities
-
CVE-2022-45497 - Command Injection vulnerability in Tenda W6-S Firmware 1.0.0.4(510)
9.8Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand.
-
CVE-2022-45506 - Command Injection vulnerability in Tenda W30E Firmware 1.0.1.25(633)
9.8Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName.
-
CVE-2022-45550 - Injection vulnerability in Ayacms Project Ayacms 3.1.2
9.8AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE).
-
CVE-2022-44371 - Deserialization of Untrusted Data vulnerability in Hope-Boot Project Hope-Boot 1.0.0
9.8hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE).
-
CVE-2022-46742 - Code Injection vulnerability in Paddlepaddle 2.4.0
9.8Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution.
-
CVE-2022-46741 - Out-of-bounds Read vulnerability in Paddlepaddle
9.1Out-of-bounds read in gather_tree in PaddlePaddle before 2.4.
-
CVE-2022-45010 - SQL Injection vulnerability in Simple Phone Book/Directory web APP Project Simple Phone Book/Directory web APP 1.0
9.8Simple Phone Book/Directory Web App v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /PhoneBook/edit.php.
-
CVE-2022-45025 - Command Injection vulnerability in Markdown Preview Enhanced Project Markdown Preview Enhanced 0.19.6/0.6.5
9.8Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a command injection vulnerability via the PDF file import function.