‼ CVE-2022-34762 ‼
📖 Read
via "National Vulnerability Database".
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34761 ‼
📖 Read
via "National Vulnerability Database".
A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32308 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in uBlock Origin extension before 1.41.1 allows remote attackers to run arbitrary code via a spoofed 'MessageSender.url' to the browser renderer process.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34757 ‼
📖 Read
via "National Vulnerability Database".
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 (V01.401.102 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34765 ‼
📖 Read
via "National Vulnerability Database".
A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34756 ‼
📖 Read
via "National Vulnerability Database".
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack which is used for the device Web HMI. Affected Products: Easergy P5 (V01.401.102 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34758 ‼
📖 Read
via "National Vulnerability Database".
A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to privileged user credentials. Affected Products: Easergy P5 (V01.401.102 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21967 ‼
📖 Read
via "National Vulnerability Database".
File upload vulnerability in the Catalog feature in Prestashop 1.7.6.7 allows remote attackers to run arbitrary code via the add new file page.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34754 ‼
📖 Read
via "National Vulnerability Database".
A CWE-269: Improper Privilege Management vulnerability exists that could allow elevated functionality when guessing credentials. Affected Products: Acti9 PowerTag Link C (A9XELC10-A) (V1.7.5 and prior), Acti9 PowerTag Link C (A9XELC10-B) (V2.12.0 and prior)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34759 ‼
📖 Read
via "National Vulnerability Database".
A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)📖 Read
via "National Vulnerability Database".
🕴 Researchers Devise New Speculative Execution Attacks Against Some Intel, AMD CPUs 🕴
📖 Read
via "Dark Reading".
"Retbleed" bypasses a commonly used mechanism for protecting against a certain kind of side-channel attack.📖 Read
via "Dark Reading".
Dark Reading
Researchers Devise New Speculative Execution Attacks Against Some Intel, AMD CPUs
"Retbleed" bypasses a commonly used mechanism for protecting against a certain kind of side-channel attack.
‼ CVE-2022-35857 ‼
📖 Read
via "National Vulnerability Database".
kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because deserialization is mishandled. The rememberMe parameter is encrypted with a hardcoded key from the com.kalvin.kvf.common.shiro.ShiroConfig file.📖 Read
via "National Vulnerability Database".
👍2
‼ CVE-2017-20129 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in LogoStore. It has been classified as critical. Affected is an unknown function of the file /LogoStore/search.php. The manipulation of the argument query with the input test' UNION ALL SELECT CONCAT(CONCAT('qqkkq','VnPVWVaYxljWqGpLLbEIyPIHBjjjjASQTnaqfKaV'),'qvvpq'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- oCrh&search= leads to sql injection. It is possible to launch the attack remotely.📖 Read
via "National Vulnerability Database".
🗓️ Microsoft Teams security vulnerability left users open to XSS via flawed stickers feature 🗓️
📖 Read
via "The Daily Swig".
The friendly image sent by your colleague on a teleconference may be hiding a malicious secret📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Microsoft Teams security vulnerability left users open to XSS via flawed stickers feature
The friendly image sent by your colleague on a teleconference may be hiding a malicious secret
🕴 The Next Generation of Threat Detection Will Require Both Human and Machine Expertise 🕴
📖 Read
via "Dark Reading".
To be truly effective, threat detection and response need to combine the strengths of people and technology.📖 Read
via "Dark Reading".
Dark Reading
The Next Generation of Threat Detection Will Require Both Human and Machine Expertise
To be truly effective, threat detection and response need to combine the strengths of people and technology.
🕴 Virtual CISOs Are the Best Defense Against Accelerating Cyber-Risks 🕴
📖 Read
via "Dark Reading".
A poor, permanent hire can be a very expensive error, whereas a mis-hire on a virtual CISO can be rapidly corrected.📖 Read
via "Dark Reading".
Dark Reading
Virtual CISOs Are the Best Defense Against Accelerating Cyber-Risks
A poor, permanent hire can be a very expensive error, whereas a mis-hire on a virtual CISO can be rapidly corrected.
‼ CVE-2022-30113 ‼
📖 Read
via "National Vulnerability Database".
Electronic mall system 1.0_build20200203 is affected vulnerable to SQL Injection.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28369 ‼
📖 Read
via "National Vulnerability Database".
Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL within the crtcmode function's enable_ssh sub-operation of the crtcrpc JSON listener (found at /lib/functions/wnc_jsonsh/crtcmode.sh) A remote attacker on the local network can provide a malicious URL. The data (found at that URL) is written to /usr/sbin/dropbear and then executed as root.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2396 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in SourceCodester Simple e-Learning System 1.0. Affected by this vulnerability is an unknown functionality of the file /vcs/claire_blake. The manipulation of the argument Bio with the input "><script>alert(document.cookie)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28375 ‼
📖 Read
via "National Vulnerability Database".
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/rpc.lua to achieve remote code execution as root,📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28372 ‼
📖 Read
via "National Vulnerability Database".
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via crtc_fw_upgrade or crtcfwimage. The URL provided is not validated, and thus allows for arbitrary file upload to the device. This occurs in /lib/lua/luci/crtc.lua (IDU) and /lib/functions/wnc_jsonsh/wnc_crtc_fw.sh (ODU).📖 Read
via "National Vulnerability Database".