‼ CVE-2022-20229 ‼
📖 Read
via "National Vulnerability Database".
In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224536184📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20219 ‼
📖 Read
via "National Vulnerability Database".
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224585613📖 Read
via "National Vulnerability Database".
🕴 Nearly Half of Enterprise Endpoints Present Significant Security Risks 🕴
📖 Read
via "Dark Reading".
.📖 Read
via "Dark Reading".
Dark Reading
Nearly Half of Enterprise Endpoints Present Significant Security Risks
🤯1
🕴 Mozilla: EU's eIDAS Proposal Attracts Growing Criticism 🕴
📖 Read
via "Dark Reading".
In the wrong hands, the changes could enable state-sponsored internet surveillance says Mozilla's Chief Security Officer📖 Read
via "Dark Reading".
Dark Reading
Mozilla: EU's eIDAS Proposal Attracts Growing Criticism
In the wrong hands, the changes could enable state-sponsored internet surveillance says Mozilla's Chief Security Officer
🕴 Report: Financial Institutions Overly Complacent About Current Authentication Methods 🕴
📖 Read
via "Dark Reading".
New research report finds most financial organizations have experienced a breach due to an authentication weakness, yet only a third took action📖 Read
via "Dark Reading".
Dark Reading
Report: Financial Institutions Overly Complacent About Current Authentication Methods
New research report finds most financial organizations have experienced a breach due to an authentication weakness, yet only a third took action
🕴 CyberRatings.org Issues AAA Rating on Forcepoint's Cloud Network Firewall 🕴
📖 Read
via "Dark Reading".
Forcepoint's test results are second in a series of publications on this new technology.📖 Read
via "Dark Reading".
Dark Reading
CyberRatings.org Issues AAA Rating on Forcepoint's Cloud Network Firewall
Forcepoint's test results are second in a series of publications on this new technology.
‼ CVE-2022-34763 ‼
📖 Read
via "National Vulnerability Database".
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34764 ‼
📖 Read
via "National Vulnerability Database".
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service when parsing the URL. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32114 ‼
📖 Read
via "National Vulnerability Database".
An unrestricted file upload vulnerability in the Add New Assets function of Strapi v4.1.12 allows attackers to execute arbitrary code via a crafted file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34760 ‼
📖 Read
via "National Vulnerability Database".
A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31145 ‼
📖 Read
via "National Vulnerability Database".
FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. In versions 1.1.30 and prior, authenticated users using an external identity provider can continue to use Access Tokens and ID Tokens even after they expire. Users who use FlyteAdmin as the OAuth2 Authorization Server are unaffected by this issue. A patch is available on the `master` branch of the repository. As a workaround, rotating signing keys immediately will invalidate all open sessions and force all users to attempt to obtain new tokens. Those who use this workaround should continue to rotate keys until FlyteAdmin has been upgraded and hide FlyteAdmin deployment ingress URL from the internet.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34762 ‼
📖 Read
via "National Vulnerability Database".
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34761 ‼
📖 Read
via "National Vulnerability Database".
A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32308 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in uBlock Origin extension before 1.41.1 allows remote attackers to run arbitrary code via a spoofed 'MessageSender.url' to the browser renderer process.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34757 ‼
📖 Read
via "National Vulnerability Database".
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 (V01.401.102 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34765 ‼
📖 Read
via "National Vulnerability Database".
A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34756 ‼
📖 Read
via "National Vulnerability Database".
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack which is used for the device Web HMI. Affected Products: Easergy P5 (V01.401.102 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34758 ‼
📖 Read
via "National Vulnerability Database".
A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to privileged user credentials. Affected Products: Easergy P5 (V01.401.102 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21967 ‼
📖 Read
via "National Vulnerability Database".
File upload vulnerability in the Catalog feature in Prestashop 1.7.6.7 allows remote attackers to run arbitrary code via the add new file page.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34754 ‼
📖 Read
via "National Vulnerability Database".
A CWE-269: Improper Privilege Management vulnerability exists that could allow elevated functionality when guessing credentials. Affected Products: Acti9 PowerTag Link C (A9XELC10-A) (V1.7.5 and prior), Acti9 PowerTag Link C (A9XELC10-B) (V2.12.0 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34759 ‼
📖 Read
via "National Vulnerability Database".
A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)📖 Read
via "National Vulnerability Database".