βΌ CVE-2022-21763 βΌ
π Read
via "National Vulnerability Database".
In telecom service, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07044717; Issue ID: ALPS07044708.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21782 βΌ
π Read
via "National Vulnerability Database".
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704508.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21768 βΌ
π Read
via "National Vulnerability Database".
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784351; Issue ID: ALPS06784351.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21775 βΌ
π Read
via "National Vulnerability Database".
In sched driver, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479032; Issue ID: ALPS06479032.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21783 βΌ
π Read
via "National Vulnerability Database".
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704482.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21766 βΌ
π Read
via "National Vulnerability Database".
In CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641673; Issue ID: ALPS06641653.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21767 βΌ
π Read
via "National Vulnerability Database".
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784430; Issue ID: ALPS06784430.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21781 βΌ
π Read
via "National Vulnerability Database".
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704433.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30929 βΌ
π Read
via "National Vulnerability Database".
Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21777 βΌ
π Read
via "National Vulnerability Database".
In Autoboot, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06713894; Issue ID: ALPS06713894.π Read
via "National Vulnerability Database".
π΄ Identity Access Management Is Set for Exploding Growth, Big Changes β Report π΄
π Read
via "Dark Reading".
New research says IAM spending will grow on the back of affordable subscription services, spurred by cloud and mobile adoption, IoT, and continued remote working.π Read
via "Dark Reading".
Dark Reading
Identity Access Management Is Set for Exploding Growth, Big Changes β Report
New research says IAM spending will grow on the back of affordable subscription services, spurred by cloud and mobile adoption, IoT, and continued remote working.
π΄ Cloud Misconfig Exposes 3TB of Sensitive Airport Data in Amazon S3 Bucket: 'Lives at Stake' π΄
π Read
via "Dark Reading".
The unsecured server exposed more than 1.5 million files, including airport worker ID photos and other PII, highlighting the ongoing cloud-security challenges worldwide.π Read
via "Dark Reading".
Dark Reading
Cloud Misconfig Exposes 3TB of Sensitive Airport Data in Amazon S3 Bucket: 'Lives at Stake'
The unsecured server exposed more than 1.5 million files, including airport worker ID photos and other PII, highlighting the ongoing cloud-security challenges worldwide.
β OpenSSL fixes two βone-linerβ crypto bugs β what you need to know β
π Read
via "Naked Security".
"As bad as Heartbleed"? We heard that concern a week ago, but we think it's less ungood than that...π Read
via "Naked Security".
Naked Security
OpenSSL fixes two βone-linerβ crypto bugs β what you need to know
βAs bad as Heartbleedβ? We heard that concern a week ago, but we think itβs less ungood than thatβ¦
π΄ How to Keep EVs From Taking Down the Electrical Grid π΄
π Read
via "Dark Reading".
They may be environmentally friendly, but the surging popularity of electric cars and plug-in hybrids puts the nation's electrical grid at greater risk for malfeasance.π Read
via "Dark Reading".
Dark Reading
How to Keep EVs From Taking Down the Electrical Grid
They may be environmentally friendly, but the surging popularity of electric cars and plug-in hybrids puts the nation's electrical grid at greater risk for malfeasance.
βΌ CVE-2021-3697 βΌ
π Read
via "National Vulnerability Database".
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34597 βΌ
π Read
via "National Vulnerability Database".
Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34595 βΌ
π Read
via "National Vulnerability Database".
Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33737 βΌ
π Read
via "National Vulnerability Database".
The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin passwordπ Read
via "National Vulnerability Database".
βΌ CVE-2022-26348 βΌ
π Read
via "National Vulnerability Database".
Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26078 βΌ
π Read
via "National Vulnerability Database".
Gallagher Controller 6000 is vulnerable to a Denial of Service attack via conflicting ARP packets with a duplicate IP address. This issue affects: Gallagher Gallagher Controller 6000 vCR8.60 versions prior to 220303a; vCR8.50 versions prior to 220303a; vCR8.40 versions prior to 220303a; vCR8.30 versions prior to 220303a.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33738 βΌ
π Read
via "National Vulnerability Database".
OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token for the web portalπ Read
via "National Vulnerability Database".