βΌ CVE-2022-21767 βΌ
π Read
via "National Vulnerability Database".
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784430; Issue ID: ALPS06784430.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21781 βΌ
π Read
via "National Vulnerability Database".
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704433.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30929 βΌ
π Read
via "National Vulnerability Database".
Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21777 βΌ
π Read
via "National Vulnerability Database".
In Autoboot, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06713894; Issue ID: ALPS06713894.π Read
via "National Vulnerability Database".
π΄ Identity Access Management Is Set for Exploding Growth, Big Changes β Report π΄
π Read
via "Dark Reading".
New research says IAM spending will grow on the back of affordable subscription services, spurred by cloud and mobile adoption, IoT, and continued remote working.π Read
via "Dark Reading".
Dark Reading
Identity Access Management Is Set for Exploding Growth, Big Changes β Report
New research says IAM spending will grow on the back of affordable subscription services, spurred by cloud and mobile adoption, IoT, and continued remote working.
π΄ Cloud Misconfig Exposes 3TB of Sensitive Airport Data in Amazon S3 Bucket: 'Lives at Stake' π΄
π Read
via "Dark Reading".
The unsecured server exposed more than 1.5 million files, including airport worker ID photos and other PII, highlighting the ongoing cloud-security challenges worldwide.π Read
via "Dark Reading".
Dark Reading
Cloud Misconfig Exposes 3TB of Sensitive Airport Data in Amazon S3 Bucket: 'Lives at Stake'
The unsecured server exposed more than 1.5 million files, including airport worker ID photos and other PII, highlighting the ongoing cloud-security challenges worldwide.
β OpenSSL fixes two βone-linerβ crypto bugs β what you need to know β
π Read
via "Naked Security".
"As bad as Heartbleed"? We heard that concern a week ago, but we think it's less ungood than that...π Read
via "Naked Security".
Naked Security
OpenSSL fixes two βone-linerβ crypto bugs β what you need to know
βAs bad as Heartbleedβ? We heard that concern a week ago, but we think itβs less ungood than thatβ¦
π΄ How to Keep EVs From Taking Down the Electrical Grid π΄
π Read
via "Dark Reading".
They may be environmentally friendly, but the surging popularity of electric cars and plug-in hybrids puts the nation's electrical grid at greater risk for malfeasance.π Read
via "Dark Reading".
Dark Reading
How to Keep EVs From Taking Down the Electrical Grid
They may be environmentally friendly, but the surging popularity of electric cars and plug-in hybrids puts the nation's electrical grid at greater risk for malfeasance.
βΌ CVE-2021-3697 βΌ
π Read
via "National Vulnerability Database".
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34597 βΌ
π Read
via "National Vulnerability Database".
Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34595 βΌ
π Read
via "National Vulnerability Database".
Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33737 βΌ
π Read
via "National Vulnerability Database".
The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin passwordπ Read
via "National Vulnerability Database".
βΌ CVE-2022-26348 βΌ
π Read
via "National Vulnerability Database".
Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26078 βΌ
π Read
via "National Vulnerability Database".
Gallagher Controller 6000 is vulnerable to a Denial of Service attack via conflicting ARP packets with a duplicate IP address. This issue affects: Gallagher Gallagher Controller 6000 vCR8.60 versions prior to 220303a; vCR8.50 versions prior to 220303a; vCR8.40 versions prior to 220303a; vCR8.30 versions prior to 220303a.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33738 βΌ
π Read
via "National Vulnerability Database".
OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token for the web portalπ Read
via "National Vulnerability Database".
βΌ CVE-2021-3695 βΌ
π Read
via "National Vulnerability Database".
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34598 βΌ
π Read
via "National Vulnerability Database".
The udpserver in H3C Magic R100 V200R004 and V100R005 has the 9034 port opened, allowing attackers to execute arbitrary commands.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34596 βΌ
π Read
via "National Vulnerability Database".
Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3696 βΌ
π Read
via "National Vulnerability Database".
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.π Read
via "National Vulnerability Database".
π΄ Marriott Data Breach Exposes PII, Credit Cards π΄
π Read
via "Dark Reading".
The hospitality giant said data from 300-400 individuals was compromised by a social-engineering scam targeting the Baltimore airport.π Read
via "Dark Reading".
Dark Reading
Marriott Data Breach Exposes PII, Credit Cards
The hospitality giant said data from 300-400 individuals was compromised by a social-engineering scam targeting the Baltimore airport.
π΄ I Built a Cheap 'Warshipping' Device in Just Three Hours β And So Can You π΄
π Read
via "Dark Reading".
Here's how I did it and how you can protect your company against such physical/digital hybrid attacks.π Read
via "Dark Reading".
Dark Reading
I Built a Cheap 'Warshipping' Device in Just 3 Hours β and So Can You
Here's how I did it and how you can protect your company against such physical/digital hybrid attacks.