βΌ CVE-2022-21941 βΌ
π Read
via "National Vulnerability Database".
All versions of iSTAR Ultra prior to version 6.8.9.CU01are vulnerable to a command injection that could allow an unauthenticated user root access to the system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1508 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read flaw was found in the Linux kernelΓ’β¬β’s io_uring module in the way a user triggers the io_read() function with some special parameters. This flaw allows a local user to read some memory out of bounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37122 βΌ
π Read
via "National Vulnerability Database".
Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30318 βΌ
π Read
via "National Vulnerability Database".
Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of service. The Honeywell ControlEdge PLC and RTU product line exposes an SSH service on port 22/TCP. Login as root to this service is permitted and credentials for the root user are hardcoded without automatically changing them upon first commissioning. The credentials for the SSH service are hardcoded in the firmware. The credentials grant an attacker access to a root shell on the PLC/RTU, allowing for remote code execution, configuration manipulation and denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38152 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL's compatibility layer and is not enabled by default. It is not part of wolfSSL's native API.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3028 βΌ
π Read
via "National Vulnerability Database".
A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30317 βΌ
π Read
via "National Vulnerability Database".
Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access (CDA) EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell Control Data Access (CDA) EpicMo (55565/TCP). The potential impact is: Firmware manipulation, Denial of service. The Honeywell Experion LX Distributed Control System (DCS) utilizes the Control Data Access (CDA) EpicMo protocol (55565/TCP) for device diagnostics and maintenance purposes. This protocol does not have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality. There is no authentication functionality on the protocol in question. An attacker capable of invoking the protocols' functionalities could issue firmware download commands potentially allowing for firmware manipulation and reboot devices causing denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28625 βΌ
π Read
via "National Vulnerability Database".
A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2866 βΌ
π Read
via "National Vulnerability Database".
FATEK FvDesigner version 1.5.103 and prior is vulnerable to an out-of-bounds write while processing project files. If a valid user is tricked into using maliciously crafted project files, an attacker could achieve arbitrary code execution.π Read
via "National Vulnerability Database".
β URGENT! Apple quietly slips out zero-day update for older iPhones β
π Read
via "Naked Security".
Patch as soon as you can - that recent WebKit zero-day affecting new iPhones is apparently being used against older models, too.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Google Fixes 24 Vulnerabilities with New Chrome Update π΄
π Read
via "Dark Reading".
But one issue that lets websites overwrite content on a user's system clipboard appears unfixed in the new Version 105 of Chrome.π Read
via "Dark Reading".
Dark Reading
Google Fixes 24 Vulnerabilities With New Chrome Update
But one issue that lets websites overwrite content on a user's system clipboard appears unfixed in the new Version 105 of Chrome.
βΌ CVE-2022-38812 βΌ
π Read
via "National Vulnerability Database".
AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37183 βΌ
π Read
via "National Vulnerability Database".
Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36046 βΌ
π Read
via "National Vulnerability Database".
Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict `unhandledRejection` exiting AND using next start or a [custom server](https://nextjs.org/docs/advanced-features/custom-server). Deployments on Vercel ([vercel.com](https://vercel.com/)) are not affected along with similar environments where `next-server` isn't being shared across requests.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36566 βΌ
π Read
via "National Vulnerability Database".
Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37184 βΌ
π Read
via "National Vulnerability Database".
The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. The already authenticated malicious user, can upload a dangerous RCE or LCE exploit file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37128 βΌ
π Read
via "National Vulnerability Database".
In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38153 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer that points to unallocated memory, causing the client to crash with a "free(): invalid pointer" message. NOTE: It is likely that this is also exploitable during TLS 1.3 handshakes between a client and a malicious server. With TLS 1.3, it is not possible to exploit this as a man-in-the-middle.π Read
via "National Vulnerability Database".
π’ Gov to force through tough telecoms regulations to boost network security π’
π Read
via "ITPro".
Regulator Ofcom will have powers to monitor, investigate and fine providers that fail to meet the new requirementsπ Read
via "ITPro".
IT PRO
Gov to force through tough telecoms regulations to boost network security | IT PRO
Regulator Ofcom will have powers to monitor, investigate and fine providers that fail to meet the new requirements
π’ Cuba ransomware group claims attack on Montenegro government π’
π Read
via "ITPro".
The double extortion specialists claim to have stolen the data days before Montenegro announced a sustained and co-ordinated series of cyber attacks targeting it from Russiaπ Read
via "ITPro".
IT PRO
Cuba ransomware group claims attack on Montenegro government | IT PRO
The double extortion specialists claim to have stolen the data days before Montenegro announced a sustained and co-ordinated series of cyber attacks targeting it from Russia
π’ MI5 reveals it has been working with an AI non-profit on national security since 2017 π’
π Read
via "ITPro".
The security service has been working with The Alan Turing Institute and has decided to unveil the partnership today to allow the pair to work more closely togetherπ Read
via "ITPro".
IT PRO
MI5 reveals it has been working with an AI non-profit on national security since 2017 | IT PRO
The security service has been working with The Alan Turing Institute and has decided to unveil the partnership today to allow the pair to work more closely together