Apple's Zero-Day Woes Continue
Two new bugs in macOS and iOS disclosed this week add to the growing list of zero-days the company has rushed to patch over the past year.
via "Dark Reading".
CVE-2022-22963
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
via "National Vulnerability Database".
CVE-2022-27177
A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2.
via "National Vulnerability Database".
CVE-2022-25156
Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash.
via "National Vulnerability Database".
CVE-2022-1098
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this makes it possible for an attacker to escalate privileges.
via "National Vulnerability Database".
CVE-2022-26417
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code.
via "National Vulnerability Database".
CVE-2022-0489
An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15. It was possible to trigger a DOS by using the math feature with a specific formula in issue comments.
via "National Vulnerability Database".
CVE-2022-25959
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code.
via "National Vulnerability Database".
CVE-2022-22950
In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
via "National Vulnerability Database".
CVE-2022-1068
Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to a stack-based buffer overflow in the registration field. This may cause the program to crash when a long character string is used.
via "National Vulnerability Database".
CVE-2021-26624
A local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to the "runasroot" command. This vulnerability can induce remote attackers to exploit root privileges by manipulating parameter values.
via "National Vulnerability Database".
CVE-2019-14839
It was observed that while logging into the Business-central console, the HTTP request discloses sensitive information like username and password when intercepted using a tool like Burp Suite.
via "National Vulnerability Database".
CVE-2022-25160
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user's product by using previously eavesdropped cleartext information and to counterfeit a legitimate user's system.
via "National Vulnerability Database".
CVE-2022-22570
A buffer overflow vulnerability found in the UniFi Door Access Reader Lite's (UA Lite) firmware (Version 3.8.28.24 and earlier) allows a malicious actor who has gained access to a network to control all connected UA devices. This vulnerability is fixed in Version 3.8.31.13 and later.
via "National Vulnerability Database".
CVE-2022-26419
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple stack-based buffer overflow conditions while parsing a specific project file, which may allow an attacker to locally execute arbitrary code.
via "National Vulnerability Database".
CVE-2022-27534
Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies).
via "National Vulnerability Database".
CVE-2021-23288
The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions prior to 1.69.
via "National Vulnerability Database".
CVE-2022-26022
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an out-of-bounds write while processing a specific project file, which may allow an attacker to execute arbitrary code.
via "National Vulnerability Database".
CVE-2022-25157
Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to disclose or tamper with the information in the product by using an eavesdropped password hash.
via "National Vulnerability Database".
CVE-2022-21830
A blind self XSS vulnerability exists in RocketChat LiveChat <v1.9 that could allow an attacker to trick a victim into pasting malicious code in their chat instance.
via "National Vulnerability Database".
CVE-2021-23247
A command injection vulnerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attackers to gain arbitrary code execution in quick game engine.
via "National Vulnerability Database".