‼ CVE-2021-4031 ‼
via "National Vulnerability Database".
Syltek application before its 10.22.00 version does not correctly check that a product ID has a valid payment associated to it. This could allow an attacker to forge a request and bypass the payment system by marking items as paid without any verification.
‼ CVE-2022-22633 ‼
via "National Vulnerability Database".
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.
‼ CVE-2022-22634 ‼
via "National Vulnerability Database".
A buffer overflow was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. A malicious application may be able to execute arbitrary code with kernel privileges.
‼ CVE-2022-22591 ‼
via "National Vulnerability Database".
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges.
‼ CVE-2020-25193 ‼
via "National Vulnerability Database".
By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection.
‼ CVE-2022-22620 ‼
via "National Vulnerability Database".
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
‼ CVE-2022-22584 ‼
via "National Vulnerability Database".
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. Processing a maliciously crafted file may lead to arbitrary code execution.
‼ CVE-2022-22604 ‼
via "National Vulnerability Database".
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
‼ CVE-2022-22644 ‼
via "National Vulnerability Database".
A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to access information about a user's contacts.
‼ CVE-2022-22621 ‼
via "National Vulnerability Database".
This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions.
❌ Agencies Warn on Satellite Hacks & GPS Jamming Affecting Airplanes, Critical Infrastructure ❌
via "Threat Post".
The Russian invasion of Ukraine has coincided with the jamming of airplane navigation systems and hacks on the SATCOM networks that empower critical infrastructure.
‼ CVE-2022-22665 ‼
via "National Vulnerability Database".
A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.
‼ CVE-2020-25182 ‼
via "National Vulnerability Database".
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems.
‼ CVE-2022-22640 ‼
via "National Vulnerability Database".
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. An application may be able to execute arbitrary code with kernel privileges.
🕴 Code-Sabotage Incident in Protest of Ukraine War Exposed Open Source Risks 🕴
via "Dark Reading".
The maintainer of a widely used npm module served up an unwelcome surprise for developers.
🕴 Half of Orgs Use Web Application Firewalls to Paper Over Flaws 🕴
via "Dark Reading".
WAFs remain a popular backfill for complex and fraught patch management.
‼ CVE-2022-25453 ‼
via "National Vulnerability Database".
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the saveParentControlInfo function.
‼ CVE-2022-25458 ‼
via "National Vulnerability Database".
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the cmdinput parameter in the exeCommand function.
‼ CVE-2022-25461 ‼
via "National Vulnerability Database".
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the startip parameter in the SetPptpServerCfg function.
‼ CVE-2022-25441 ‼
via "National Vulnerability Database".
Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function.
‼ CVE-2022-25452 ‼
via "National Vulnerability Database".
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the URLs parameter in the saveParentControlInfo function.