‼ CVE-2022-22523 ‼
An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context of an unauthorised user if free-access is disabled.
via "National Vulnerability Database".
‼ CVE-2022-28816 ‼
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service.
via "National Vulnerability Database".
‼ CVE-2022-40082 ‼
Hertz v0.3.0 was discovered to contain a path traversal vulnerability via the normalizePath function.
via "National Vulnerability Database".
‼ CVE-2022-22526 ‼
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a missing authentication allows for full access via API.
via "National Vulnerability Database".
‼ CVE-2022-39261 ‼
Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates' directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading.
via "National Vulnerability Database".
‼ CVE-2022-28813 ‼
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of an SQL injection to gain access to a volatile temporary database with the current states of the device.
via "National Vulnerability Database".
‼ CVE-2022-40942 ‼
Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow via compare_parentcontrol_time.
via "National Vulnerability Database".
‼ CVE-2022-22525 ‼
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function.
via "National Vulnerability Database".
‼ CVE-2022-28811 ‼
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands.
via "National Vulnerability Database".
‼ CVE-2022-28815 ‼
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy server was discovered to contain a SQL injection vulnerability allowing an attacker to query other tables of the Sentilo service.
via "National Vulnerability Database".
‼ CVE-2021-43980 ‼
The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long-standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance, resulting in responses, or part responses, being received by the wrong client.
via "National Vulnerability Database".
‼ CVE-2022-28814 ‼
Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 was discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read arbitrary files and gain full control of the device.
via "National Vulnerability Database".
‼ CVE-2022-28812 ‼
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain SuperUser access to the device.
via "National Vulnerability Database".
🕴 The Countdown to DORA 🕴
With provisional agreement reached on the Digital Operational Resilience Act, the clock is now ticking for banks and information and communications technology (ICT) services companies with European operations. Here's what you need to know.
via "Dark Reading".
🕴 Chaos Malware Resurfaces With All-New DDoS & Cryptomining Modules 🕴
The previously identified ransomware builder has veered in an entirely new direction, targeting consumers and businesses of all sizes by exploiting known CVEs through brute-forced and/or stolen SSH keys.
via "Dark Reading".
🔏 Data Protection – Are We Focused on the Correct Areas? 🔏
How do you deploy a strategy for the data loss you can't see? The breaches you don't hear about? Our Wade Barisoff draws parallels between WWII airplanes and data protection to find the answer.
‼ CVE-2022-39236 ‼
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This is patched in matrix-js-sdk v19.7.0. Redacting applicable events, waiting for the sync processor to store data, and restarting the client are possible workarounds. Alternatively, redacting the applicable events and clearing all storage will fix the further perceived issues. Downgrading to an unaffected version, noting that such a version may be subject to other vulnerabilities, will additionally resolve the issue.
via "National Vulnerability Database".
‼ CVE-2022-36771 ‼
IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information that they should not have access to. IBM X-Force ID: 232791.
via "National Vulnerability Database".
‼ CVE-2022-36448 ‼
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in the Software SMI handler in the PnpSmm driver.
via "National Vulnerability Database".
‼ CVE-2022-3354 ‼
A vulnerability has been found in Open5GS up to 2.4.10 and classified as problematic. This vulnerability affects unknown code in the library lib/core/ogs-tlv-msg.c of the component UDP Packet Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-209686 is the identifier assigned to this vulnerability.
via "National Vulnerability Database".
‼ CVE-2022-35722 ‼
IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231381.
via "National Vulnerability Database".