βΌ CVE-2022-4364 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in Teledyne FLIR AX8 up to 1.46.16. Affected is an unknown function of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-215118 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45506 βΌ
π Read
via "National Vulnerability Database".
Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38754 βΌ
π Read
via "National Vulnerability Database".
A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run Java Scripts in the browser context of another OBM user. Please note: The vulnerability is only applicable if the Operations Bridge Manager capability is deployed. A potential vulnerability has been identified in Micro Focus Operations Bridge Manager (OBM). The vulnerability could be exploited by a malicious authenticated OBM user to run Java Scripts in the browser context of another OBM user. This issue affects: Micro Focus Micro Focus Operations Bridge Manager versions prior to 2022.11. Micro Focus Micro Focus Operations Bridge- Containerized versions prior to 2022.11.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45505 βΌ
π Read
via "National Vulnerability Database".
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the cmdinput parameter at /goform/exeCommand.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39904 βΌ
π Read
via "National Vulnerability Database".
Exposure of Sensitive Information vulnerability in Samsung Settings prior to SMR Dec-2022 Release 1 allows local attackers to access the Network Access Identifier via log.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45508 βΌ
π Read
via "National Vulnerability Database".
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the new_account parameter at /goform/editUserName.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4123 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45507 βΌ
π Read
via "National Vulnerability Database".
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the editNameMit parameter at /goform/editFileName.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45513 βΌ
π Read
via "National Vulnerability Database".
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/P2pListFilter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45512 βΌ
π Read
via "National Vulnerability Database".
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeEmailFilter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39895 βΌ
π Read
via "National Vulnerability Database".
Improper access control vulnerability in ContactListUtils in Phone prior to SMR Dec-2022 Release 1 allows to access contact group information via implicit intent.π Read
via "National Vulnerability Database".
β Credit card skimming β the long and winding road of supply chain failure β
π Read
via "Naked Security".
Don't keep calling home to a JavaScript server that closed its doors eight years ago!π Read
via "Naked Security".
Naked Security
Credit card skimming β the long and winding road of supply chain failure
Donβt keep calling home to a JavaScript server that closed its doors eight years ago!
βοΈ New Ransom Payment Schemes Target Executives, Telemedicine βοΈ
π Read
via "Krebs on Security".
Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the "patient." The other involves carefully editing email inboxes of public company executives to make it appear that some were involved in insider trading.π Read
via "Krebs on Security".
Krebs on Security
New Ransom Payment Schemes Target Executives, Telemedicine
Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultationsβ¦
βΌ CVE-2022-38599 βΌ
π Read
via "National Vulnerability Database".
Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 was discovered to contain an information leak via the /user/get-role-list web interface.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40939 βΌ
π Read
via "National Vulnerability Database".
In certain Secustation products the administrator account password can be read. This affects V2.5.5.3116-S50-SMA-B20171107A, V2.3.4.1301-M20-TSA-B20150617A, V2.5.5.3116-S50-RXA-B20180502A, V2.5.5.3116-S50-SMA-B20190723A, V2.5.5.3116-S50-SMB-B20161012A, V2.3.4.2103-S50-NTD-B20170508B, V2.5.5.3116-S50-SMB-B20160601A, V2.5.5.2601-S50-TSA-B20151229A, and V2.5.5.3116-S50-SMA-B20170217.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46828 βΌ
π Read
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46825 βΌ
π Read
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46827 βΌ
π Read
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46824 βΌ
π Read
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46826 βΌ
π Read
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46831 βΌ
π Read
via "National Vulnerability Database".
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.π Read
via "National Vulnerability Database".