βΌ CVE-2022-26671 βΌ
π Read
via "National Vulnerability Database".
Taiwan Secom Dr.ID Access Control systemΓ’β¬β’s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system setting to cause partial disrupt of service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0677 βΌ
π Read
via "National Vulnerability Database".
Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service. This issue affects: Bitdefender Update Server versions prior to 3.4.0.276. Bitdefender GravityZone versions prior to 26.4-1. Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.171. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.1.111.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22514 βΌ
π Read
via "National Vulnerability Database".
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. This causes a null pointer dereference in the CmpSettings component of the affected CODESYS products and leads to a crash.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25595 βΌ
π Read
via "National Vulnerability Database".
ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43432 βΌ
π Read
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admin Panel as of 11/7/2021 via the GET parameter in product-add.jsp.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25594 βΌ
π Read
via "National Vulnerability Database".
MicroprogramΓ’β¬β’s parking lot management system is vulnerable to sensitive information exposure. An unauthorized remote attacker can input specific URLs to acquire partial system configuration information.π Read
via "National Vulnerability Database".
π2
βΌ CVE-2022-22517 βΌ
π Read
via "National Vulnerability Database".
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25597 βΌ
π Read
via "National Vulnerability Database".
ASUS RT-AC86UΓ’β¬β’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0935 βΌ
π Read
via "National Vulnerability Database".
Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23971 βΌ
π Read
via "National Vulnerability Database".
ASUS RT-AX56UΓ’β¬β’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service disruption.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22518 βΌ
π Read
via "National Vulnerability Database".
A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23973 βΌ
π Read
via "National Vulnerability Database".
ASUS RT-AX56UΓ’β¬β’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. An unauthenticated LAN attacker can execute arbitrary code to perform arbitrary operations or disrupt service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26676 βΌ
π Read
via "National Vulnerability Database".
aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25596 βΌ
π Read
via "National Vulnerability Database".
ASUS RT-AC56UΓ’β¬β’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43430 βΌ
π Read
via "National Vulnerability Database".
An Access Control vulnerability exists in BigAntSoft BigAnt office messenger 5.6 via im_webserver, which could let a malicious user upload PHP Trojan files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26675 βΌ
π Read
via "National Vulnerability Database".
aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform path traversal attacks to access arbitrary files under website root directory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23970 βΌ
π Read
via "National Vulnerability Database".
ASUS RT-AX56UΓ’β¬β’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption.π Read
via "National Vulnerability Database".
π΄ Scan This: There's Danger in QR Codes π΄
π Read
via "Dark Reading".
Trendy restaurant tables now feature QR codes that lead to menus, payment apps, and CISO nightmares.π Read
via "Dark Reading".
Dark Reading
Scan This: There's Danger in QR Codes
Trendy restaurant tables now feature QR codes that lead to menus, payment apps, and CISO nightmares.
π΄ Ukrainian Member of Notorious FIN7 Cybercrime Group Sentenced π΄
π Read
via "Dark Reading".
Denys Iarmak is the third member of FIN7 to go to prison.π Read
via "Dark Reading".
Dark Reading
Ukrainian Member of Notorious FIN7 Cybercrime Group Sentenced
Denys Iarmak is the third member of FIN7 to go to prison.
π΄ BlackCat Purveyor Shows Ransomware Operators Have Nine Lives π΄
π Read
via "Dark Reading".
Members of BlackMatter, and possibly REvil, have likely resurfaced in the new ransomware-as-a-service group ALPHV, whose primary tool is the BlackCat malware.π Read
via "Dark Reading".
Dark Reading
BlackCat Purveyor Shows Ransomware Operators Have 9 Lives
Members of BlackMatter, and possibly REvil, have likely resurfaced in the new ransomware-as-a-service group ALPHV, whose primary tool is the BlackCat malware.
βΌ CVE-2021-36202 βΌ
π Read
via "National Vulnerability Database".
Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson Controls Metasys All 10 versions versions prior to 10.1.5; All 11 versions versions prior to 11.0.2.π Read
via "National Vulnerability Database".