‼ CVE-2022-3349 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Sony PS4 and PS5. It has been classified as critical. This affects the function UVFAT_readupcasetable of the component exFAT Handler. The manipulation of the argument dataLength leads to heap-based buffer overflow. It is possible to launch the attack on the physical device. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-209679.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2760 ‼
📖 Read
via "National Vulnerability Database".
In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space.📖 Read
via "National Vulnerability Database".
🗓️ Rancher stored secrets in plaintext, exposed Kubernetes clusters to takeover 🗓️
📖 Read
via "The Daily Swig".
Maintainers patch vulnerability and offer mitigation advice over bug that affects all Kubernetes objects📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Rancher stored sensitive values in plaintext, exposed Kubernetes clusters to takeover
Maintainers patch vulnerability and offer mitigation advice over bug that affects Rancher-owned objects
🕴 Illumio Introduces New Solution to Stop Endpoint Ransomware from Spreading Across the Hybrid Attack Surface 🕴
📖 Read
via "Dark Reading".
Illumio Endpoint extends zero trust segmentation to see risk and set policy across macOS and Windows devices.📖 Read
via "Dark Reading".
Dark Reading
Illumio Introduces New Solution to Stop Endpoint Ransomware from Spreading Across the Hybrid Attack Surface
Illumio Endpoint extends zero trust segmentation to see risk and set policy across macOS and Windows devices.
🗓️ Vulnerability in Apache Pulsar allowed manipulator-in-the-middle attacks 🗓️
📖 Read
via "The Daily Swig".
Clients vulnerable due to improper certificate validation📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Vulnerability in Apache Pulsar allowed manipulator-in-the-middle attacks
Clients vulnerable due to improper certificate validation
🛠 nfstream 6.5.2 🛠
📖 Read
via "Packet Storm Security".
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.📖 Read
via "Packet Storm Security".
Packetstormsecurity
nfstream 6.5.2 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 Suricata IDPE 6.0.8 🛠
📖 Read
via "Packet Storm Security".
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Suricata IDPE 6.0.8 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
‼ CVE-2022-40083 ‼
📖 Read
via "National Vulnerability Database".
Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22524 ‼
📖 Read
via "National Vulnerability Database".
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services .📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22522 ‼
📖 Read
via "National Vulnerability Database".
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40912 ‼
📖 Read
via "National Vulnerability Database".
ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable to Cross Site Scripting (XSS). Input passed to the GET parameter 'action' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22523 ‼
📖 Read
via "National Vulnerability Database".
An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context of an unauthorised user if free-access is disabled.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28816 ‼
📖 Read
via "National Vulnerability Database".
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40082 ‼
📖 Read
via "National Vulnerability Database".
Hertz v0.3.0 ws discovered to contain a path traversal vulnerability via the normalizePath function.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22526 ‼
📖 Read
via "National Vulnerability Database".
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a missing authentication allows for full access via API.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-39261 ‼
📖 Read
via "National Vulnerability Database".
Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates' directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28813 ‼
📖 Read
via "National Vulnerability Database".
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of an SQL-injection to gain access to a volatile temporary database with the current states of the device.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40942 ‼
📖 Read
via "National Vulnerability Database".
Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow via compare_parentcontrol_time.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22525 ‼
📖 Read
via "National Vulnerability Database".
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28811 ‼
📖 Read
via "National Vulnerability Database".
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28815 ‼
📖 Read
via "National Vulnerability Database".
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy server was discovered to contain a SQL injection vulnerability allowing an attacker to query other tables of the Sentilo service.📖 Read
via "National Vulnerability Database".