info@cirt.gov.bd
+88-02-5500 7183
Facebook Page LinkedIn Page Twitter Page

CVE

Home » CVE

CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults

19 Oct 2022

Vulnerability Description:Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is “${prefix:name}”, where “prefix” is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances...

Read more


CVE-2022-41352: Remote Code Execution Vulnerability in Zimbra Collaboration Suite

17 Oct 2022

CVSS 3.0: 9.8 (Critical) Vulnerability DescriptionAn issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is...

Read more


CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy

16 Oct 2022

An authentication bypass using an alternate path or channel vulnerability [CWE-288] in FortiOS, FortiProxy and FortiSwitchManager may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. Exploitation Status: Fortinet recommends immediately validating systems against the following indicator of compromise in the...

Read more


photo courtesy: https://www.wordfence.com/

CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy

14 Oct 2022

An authentication bypass using an alternate path or channel vulnerability [CWE-288] in FortiOS, FortiProxy and FortiSwitchManager may allow an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. Exploitation Status: Fortinet recommends immediately validating systems against the following indicator of compromise in the...

Read more


Palo Alto Recognizes Vulnerability Impacting PAN-OS® (CVE-2022-0028)

Palo Alto Recognizes Vulnerability Impacting PAN-OS® (CVE-2022-0028)

05 Sep 2022

Global Critical Infrastructure Potentially Vulnerable To Reflected Amplification-Based Denial-Of-Service (RDoS) Attacks Introduction Over the past few weeks, Cyble Research & Intelligence Labs has observed the active exploitation of a recently discovered vulnerability found in the Palo Alto Networks’ PAN-OS operating system that runs the firewalls and could allows a remote...

Read more


Page 1 of 512345