‼ CVE-2022-26562 ‼
via "National Vulnerability Database".
An issue in provider/libserver/ECKrbAuth.cpp of Kopano-Core v11.0.2.51 allows attackers to authenticate even if the user account or password is expired.
‼ CVE-2022-23156 ‼
via "National Vulnerability Database".
Wyse Device Agent version 14.6.1.4 and below contain an Improper Authentication vulnerability. A malicious user could potentially exploit this vulnerability by providing invalid input in order to obtain a connection to WMS server.
‼ CVE-2022-23155 ‼
via "National Vulnerability Database".
Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. A malicious user with admin privileges can exploit this vulnerability in order to execute arbitrary code on the system.
‼ CVE-2022-24066 ‼
via "National Vulnerability Database".
The package simple-git before 3.5.0 is vulnerable to Command Injection due to an incomplete fix of [CVE-2022-24433](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199) which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover.
🔴 Apple's Zero-Day Woes Continue 🔴
via "Dark Reading".
Two new bugs in macOS and iOS disclosed this week add to the growing list of zero-days the company has rushed to patch over the past year.
‼ CVE-2022-22963 ‼
via "National Vulnerability Database".
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
‼ CVE-2022-27177 ‼
via "National Vulnerability Database".
A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2.
‼ CVE-2022-25156 ‼
via "National Vulnerability Database".
Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to log in to the product by using a password reversed from a previously eavesdropped password hash.
‼ CVE-2022-1098 ‼
via "National Vulnerability Database".
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) is vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges.
‼ CVE-2022-26417 ‼
via "National Vulnerability Database".
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code.
‼ CVE-2022-0489 ‼
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15. It was possible to trigger a DoS by using the math feature with a specific formula in issue comments.
‼ CVE-2022-25959 ‼
via "National Vulnerability Database".
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code.
‼ CVE-2022-22950 ‼
via "National Vulnerability Database".
In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
‼ CVE-2022-1068 ‼
via "National Vulnerability Database".
Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to a stack-based buffer overflow in the registration field. This may cause the program to crash when a long character string is used.
‼ CVE-2021-26624 ‼
via "National Vulnerability Database".
A local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to the "runasroot" command. This vulnerability can induce remote attackers to exploit root privileges by manipulating parameter values.
‼ CVE-2019-14839 ‼
via "National Vulnerability Database".
It was observed that while logging in to the Business-central console, the HTTP request discloses sensitive information like username and password when intercepted using a tool like Burp Suite.
‼ CVE-2022-25160 ‼
via "National Vulnerability Database".
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user's product by using previously eavesdropped cleartext information and to counterfeit a legitimate user's system.
‼ CVE-2022-22570 ‼
via "National Vulnerability Database".
A buffer overflow vulnerability found in the UniFi Door Access Reader Lite's (UA Lite) firmware (Version 3.8.28.24 and earlier) allows a malicious actor who has gained access to a network to control all connected UA devices. This vulnerability is fixed in Version 3.8.31.13 and later.
‼ CVE-2022-26419 ‼
via "National Vulnerability Database".
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple stack-based buffer overflow conditions while parsing a specific project file, which may allow an attacker to locally execute arbitrary code.
‼ CVE-2022-27534 ‼
via "National Vulnerability Database".
Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies).
‼ CVE-2021-23288 ‼
via "National Vulnerability Database".
The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions prior to 1.69.