‼ CVE-2022-25165 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service (running as SYSTEM) processing the file. Dangerous arguments can be injected by a low-level user such as log, which allows an arbitrary destination to be specified for writing log files. This leads to an arbitrary file write as SYSTEM with partial control over the files content. This can be abused to cause an elevation of privilege or denial of service.📖 Read
via "National Vulnerability Database".
🕴 Inside a Data Center Outage: Lessons About Resilience 🕴
📖 Read
via "Dark Reading".
A power failure at a major London data center shows that a truly resilient network is flexible, not just redundant.📖 Read
via "Dark Reading".
Dark Reading
Inside a Data Center Outage: Lessons About Resilience
A power failure at a major London data center shows that a truly resilient network is flexible, not just redundant.
‼ CVE-2022-22391 ‼
📖 Read
via "National Vulnerability Database".
IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authenticated user to obtain information from non sensitive operating system files that they should not have access to. IBM X-Force ID: 222059.📖 Read
via "National Vulnerability Database".
🕴 New Malware Tools Pose 'Clear and Present Threat' to ICS Environments 🕴
📖 Read
via "Dark Reading".
The recent discovery of highly customized malware targeting programmable logic controllers has renewed concerns about the vulnerability of critical infrastructure.📖 Read
via "Dark Reading".
Dark Reading
New Malware Tools Pose 'Clear and Present Threat' to ICS Environments
The recent discovery of highly customized malware targeting programmable logic controllers has renewed concerns about the vulnerability of critical infrastructure.
‼ CVE-2021-21939 ‼
📖 Read
via "National Vulnerability Database".
A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40425 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. An IOCTL_B03 request with specific invalid data causes a similar issue in the device driver WRCore_x64. An attacker can issue an ioctl to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21234 ‼
📖 Read
via "National Vulnerability Database".
An SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-25166 ‼
📖 Read
via "National Vulnerability Database".
An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper with devices.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-25162 ‼
📖 Read
via "National Vulnerability Database".
A XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to access sensitive information and escalate privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40392 ‼
📖 Read
via "National Vulnerability Database".
An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. Network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to exploit this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-25164 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to recover user credentials of the administrative interface.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40402 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds read vulnerability exists in the RS-274X aperture macro multiple outline primitives functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.7.1 and 2.8.0. A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43257 ‼
📖 Read
via "National Vulnerability Database".
Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44354 ‼
📖 Read
via "National Vulnerability Database".
Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-28505 ‼
📖 Read
via "National Vulnerability Database".
On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21947 ‼
📖 Read
via "National Vulnerability Database".
Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. Placeholder📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21948 ‼
📖 Read
via "National Vulnerability Database".
A heap-based buffer overflow vulnerability exists in the readDatHeadVec functionality of AnyCubic Chitubox AnyCubic Plugin 1.0.0. A specially-crafted GF file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21210 ‼
📖 Read
via "National Vulnerability Database".
An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40424 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure Anywhere 21.4. The GetProcessCommandLine IOCTL request could cause an out-of-bounds read in the device driver WRCore_x64. An attacker can issue an ioctl to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21945 ‼
📖 Read
via "National Vulnerability Database".
Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. Placeholder📖 Read
via "National Vulnerability Database".
‼ CVE-2021-21946 ‼
📖 Read
via "National Vulnerability Database".
Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities. Placeholder📖 Read
via "National Vulnerability Database".