โผ CVE-2022-25837 โผ
๐ Read
via "National Vulnerability Database".
Bluetoothรยฎ Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing if the MITM negotiates BR/EDR Secure Simple Pairing in Secure Connections mode using the Passkey association model with the pairing Initiator and BR/EDR Legacy PIN code pairing with the pairing Responder and brute forces the Passkey entered by the user into the Responder as a 6-digit PIN code. The MITM attacker can use the identified PIN code value as the Passkey value to complete authentication with the Initiator via Bluetooth pairing method confusion.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-45756 โผ
๐ Read
via "National Vulnerability Database".
SENS v1.0 is vulnerable to Cross Site Scripting (XSS).๐ Read
via "National Vulnerability Database".
โผ CVE-2022-3485 โผ
๐ Read
via "National Vulnerability Database".
In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying the serial number.๐ Read
via "National Vulnerability Database".
๐ด Trilio Raises $17M, Appoints Massood Zarrabian as CEO ๐ด
๐ Read
via "Dark Reading".
Funding and new leadership to drive innovation and growth in cloud-native application resiliency; round led by SKK Ventures with T-Mobile and Telefonica.๐ Read
via "Dark Reading".
Dark Reading
Trilio Raises $17M, Appoints Massood Zarrabian as CEO
Funding and new leadership to drive innovation and growth in cloud-native application resiliency; round led by SKK Ventures with T-Mobile and Telefonica.
โผ CVE-2022-37923 โผ
๐ Read
via "National Vulnerability Database".
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-37925 โผ
๐ Read
via "National Vulnerability Database".
A vulnerability within the web-based management interface of Aruba EdgeConnect Enterprise could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-37908 โผ
๐ Read
via "National Vulnerability Database".
An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-37912 โผ
๐ Read
via "National Vulnerability Database".
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-37897 โผ
๐ Read
via "National Vulnerability Database".
There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-37900 โผ
๐ Read
via "National Vulnerability Database".
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-37922 โผ
๐ Read
via "National Vulnerability Database".
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-3509 โผ
๐ Read
via "National Vulnerability Database".
A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-4244 โผ
๐ Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5. This affects an unknown part of the file admin/partials/ajax/add_field_to_form.php. The manipulation of the argument field_name/merge_tag/field_type/list_id leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 6.8.6 is able to address this issue. The name of the patch is 3662c6593aa1bb4286781214891d26de2e947695. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215307.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-37911 โผ
๐ Read
via "National Vulnerability Database".
Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-37902 โผ
๐ Read
via "National Vulnerability Database".
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-37898 โผ
๐ Read
via "National Vulnerability Database".
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-37919 โผ
๐ Read
via "National Vulnerability Database".
A vulnerability exists in the API of Aruba EdgeConnect Enterprise. An unauthenticated attacker can exploit this condition via the web-based management interface to create a denial-of-service condition which prevents the appliance from properly responding to API requests in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below;๐ Read
via "National Vulnerability Database".
โผ CVE-2022-23511 โผ
๐ Read
via "National Vulnerability Database".
A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and including v1.247354. When users trigger a repair of the Agent, a pop-up window opens with SYSTEM permissions. Users with administrative access to affected hosts may use this to create a new command prompt as NT AUTHORITY\SYSTEM. To trigger this issue, the third party must be able to access the affected host and elevate their privileges such that theyรขโฌโขre able to trigger the agent repair process. They must also be able to install the tools required to trigger the issue. This issue does not affect the CloudWatch Agent for macOS or Linux. Agent users should upgrade to version 1.247355 of the CloudWatch Agent to address this issue. There is no recommended work around. Affected users must update the installed version of the CloudWatch Agent to address this issue.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-37903 โผ
๐ Read
via "National Vulnerability Database".
A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Successful exploitation of this vulnerability could lead to full compromise the underlying host operating system.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-37920 โผ
๐ Read
via "National Vulnerability Database".
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-4243 โผ
๐ Read
via "National Vulnerability Database".
A vulnerability was found in claviska jquery-minicolors up to 2.3.5. It has been rated as problematic. Affected by this issue is some unknown functionality of the file jquery.minicolors.js. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.3.6 is able to address this issue. The name of the patch is ef134824a7f4110ada53ea6c173111a4fa2f48f3. It is recommended to upgrade the affected component. VDB-215306 is the identifier assigned to this vulnerability.๐ Read
via "National Vulnerability Database".