‼ CVE-2022-22982 ‼
📖 Read
via "National Vulnerability Database".
The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28888 ‼
📖 Read
via "National Vulnerability Database".
Spryker Commerce OS 1.4.2 allows Remote Command Execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20218 ‼
📖 Read
via "National Vulnerability Database".
In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-223907044📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20226 ‼
📖 Read
via "National Vulnerability Database".
In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-213644870📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20236 ‼
📖 Read
via "National Vulnerability Database".
A drm driver have oob problem, could cause the system crash or EOPProduct: AndroidVersions: Android SoCAndroid ID: A-233124709📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20216 ‼
📖 Read
via "National Vulnerability Database".
android exported is used to set third-party app access permissions, and the default value of intent-filter is true. com.sprd.firewall has set exported as true.Product: AndroidVersions: Android SoCAndroid ID: A-231911916📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20222 ‼
📖 Read
via "National Vulnerability Database".
In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-228078096📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20221 ‼
📖 Read
via "National Vulnerability Database".
In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-205571133📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20228 ‼
📖 Read
via "National Vulnerability Database".
In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-213850092📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20227 ‼
📖 Read
via "National Vulnerability Database".
In USB driver, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216825460References: Upstream kernel📖 Read
via "National Vulnerability Database".
‼ CVE-2017-20127 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in KB Login Authentication Script 1.1 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20229 ‼
📖 Read
via "National Vulnerability Database".
In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224536184📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20219 ‼
📖 Read
via "National Vulnerability Database".
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224585613📖 Read
via "National Vulnerability Database".
🕴 Nearly Half of Enterprise Endpoints Present Significant Security Risks 🕴
📖 Read
via "Dark Reading".
.📖 Read
via "Dark Reading".
Dark Reading
Nearly Half of Enterprise Endpoints Present Significant Security Risks
🤯1
🕴 Mozilla: EU's eIDAS Proposal Attracts Growing Criticism 🕴
📖 Read
via "Dark Reading".
In the wrong hands, the changes could enable state-sponsored internet surveillance says Mozilla's Chief Security Officer📖 Read
via "Dark Reading".
Dark Reading
Mozilla: EU's eIDAS Proposal Attracts Growing Criticism
In the wrong hands, the changes could enable state-sponsored internet surveillance says Mozilla's Chief Security Officer
🕴 Report: Financial Institutions Overly Complacent About Current Authentication Methods 🕴
📖 Read
via "Dark Reading".
New research report finds most financial organizations have experienced a breach due to an authentication weakness, yet only a third took action📖 Read
via "Dark Reading".
Dark Reading
Report: Financial Institutions Overly Complacent About Current Authentication Methods
New research report finds most financial organizations have experienced a breach due to an authentication weakness, yet only a third took action
🕴 CyberRatings.org Issues AAA Rating on Forcepoint's Cloud Network Firewall 🕴
📖 Read
via "Dark Reading".
Forcepoint's test results are second in a series of publications on this new technology.📖 Read
via "Dark Reading".
Dark Reading
CyberRatings.org Issues AAA Rating on Forcepoint's Cloud Network Firewall
Forcepoint's test results are second in a series of publications on this new technology.
‼ CVE-2022-34763 ‼
📖 Read
via "National Vulnerability Database".
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34764 ‼
📖 Read
via "National Vulnerability Database".
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service when parsing the URL. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32114 ‼
📖 Read
via "National Vulnerability Database".
An unrestricted file upload vulnerability in the Add New Assets function of Strapi v4.1.12 allows attackers to execute arbitrary code via a crafted file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34760 ‼
📖 Read
via "National Vulnerability Database".
A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)📖 Read
via "National Vulnerability Database".