‼ CVE-2022-20083 ‼
via "National Vulnerability Database".
In Modem 2G/3G CC, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding combined FACILITY with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00803883; Issue ID: MOLY00803883.
‼ CVE-2022-21772 ‼
via "National Vulnerability Database".
In TEEI driver, there is a possible type confusion due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06493842; Issue ID: ALPS06493842.
‼ CVE-2022-21780 ‼
via "National Vulnerability Database".
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704526.
‼ CVE-2022-23173 ‼
via "National Vulnerability Database".
This vulnerability affects users who are not even allowed to access via the web interface. First, the attacker needs to access the "Login menu - demo site", where he can see all the functionality of the application. If the attacker tries to click on one of the links, he gets an answer that he is not authorized because he needs to log in with credentials. After he logs in to the system, there are some functions that the specific user is not allowed to perform because he was configured with low privileges. However, all the attacker needs to do to achieve his goals is change the value of the prog step parameter from 0 to 1 or more; the attacker can then access some of the web application's functionality that he could not use before the parameter was changed.
‼ CVE-2022-21774 ‼
via "National Vulnerability Database".
In TEEI driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641447; Issue ID: ALPS06641447.
‼ CVE-2022-21776 ‼
via "National Vulnerability Database".
In MDP, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06545450; Issue ID: ALPS06545450.
‼ CVE-2022-23172 ‼
via "National Vulnerability Database".
An attacker can access the "Forgot my password" button. As soon as he enters a user that is valid in the system, the system issues a message that a password reset email has been sent to the user. This way you can verify which users are in the system and which are not.
‼ CVE-2022-21763 ‼
via "National Vulnerability Database".
In telecom service, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07044717; Issue ID: ALPS07044708.
‼ CVE-2022-21782 ‼
via "National Vulnerability Database".
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704508.
‼ CVE-2022-21768 ‼
via "National Vulnerability Database".
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784351; Issue ID: ALPS06784351.
‼ CVE-2022-21775 ‼
via "National Vulnerability Database".
In sched driver, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479032; Issue ID: ALPS06479032.
‼ CVE-2022-21783 ‼
via "National Vulnerability Database".
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704482.
‼ CVE-2022-21766 ‼
via "National Vulnerability Database".
In CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641673; Issue ID: ALPS06641653.
‼ CVE-2022-21767 ‼
via "National Vulnerability Database".
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784430; Issue ID: ALPS06784430.
‼ CVE-2022-21781 ‼
via "National Vulnerability Database".
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704433.
‼ CVE-2022-30929 ‼
via "National Vulnerability Database".
Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper.
‼ CVE-2022-21777 ‼
via "National Vulnerability Database".
In Autoboot, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06713894; Issue ID: ALPS06713894.
🕴 Identity Access Management Is Set for Exploding Growth, Big Changes - Report 🕴
via "Dark Reading".
New research says IAM spending will grow on the back of affordable subscription services, spurred by cloud and mobile adoption, IoT, and continued remote working.
🕴 Cloud Misconfig Exposes 3TB of Sensitive Airport Data in Amazon S3 Bucket: 'Lives at Stake' 🕴
via "Dark Reading".
The unsecured server exposed more than 1.5 million files, including airport worker ID photos and other PII, highlighting the ongoing cloud-security challenges worldwide.
OpenSSL fixes two "one-liner" crypto bugs - what you need to know
via "Naked Security".
"As bad as Heartbleed"? We heard that concern a week ago, but we think it's less ungood than that...
🕴 How to Keep EVs From Taking Down the Electrical Grid 🕴
via "Dark Reading".
They may be environmentally friendly, but the surging popularity of electric cars and plug-in hybrids puts the nation's electrical grid at greater risk for malfeasance.