βΌ CVE-2022-31696 βΌ
π Read
via "National Vulnerability Database".
VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33235 βΌ
π Read
via "National Vulnerability Database".
Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networkingπ Read
via "National Vulnerability Database".
βΌ CVE-2022-20477 βΌ
π Read
via "National Vulnerability Database".
In shouldHideNotification of KeyguardNotificationVisibilityProvider.kt, there is a possible way to show hidden notifications due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-241611867π Read
via "National Vulnerability Database".
βΌ CVE-2022-20486 βΌ
π Read
via "National Vulnerability Database".
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703118π Read
via "National Vulnerability Database".
βΌ CVE-2022-4223 βΌ
π Read
via "National Vulnerability Database".
The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to properly secure this API, which could allow an unauthenticated user to call it with a path of their choosing, such as a UNC path to a server they control on a Windows machine. This would cause an appropriately named executable in the target path to be executed by the pgAdmin server.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20474 βΌ
π Read
via "National Vulnerability Database".
In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240138294π Read
via "National Vulnerability Database".
βΌ CVE-2022-45937 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions < V3.5.5), APOGEE PXC Series (P2 Ethernet) (All versions < V2.8.20), TALON TC Series (BACnet) (All versions < V3.5.5). A low privilege authenticated attacker with network access to the integrated web server could download sensitive information from the device containing user account credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44636 βΌ
π Read
via "National Vulnerability Database".
The Samsung TV (2021 and 2022 model) smart remote control allows attackers to enable microphone access via Bluetooth spoofing when a user is activating remote control by pressing a button. This is fixed in xxx72510, E9172511 for 2021 models, xxxA1000, 4x2A0200 for 2022 models.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43517 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Simcenter STAR-CCM+ (All versions). The affected application improperly assigns file permissions to installation folders. This could allow a local attacker with an unprivileged account to override or modify the service executables and subsequently gain elevated privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20483 βΌ
π Read
via "National Vulnerability Database".
In several functions that parse avrc response in avrc_pars_ct.cc and related files, there are possible out of bounds reads due to integer overflows. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242459126π Read
via "National Vulnerability Database".
βΌ CVE-2022-31699 βΌ
π Read
via "National Vulnerability Database".
VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33238 βΌ
π Read
via "National Vulnerability Database".
Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networkingπ Read
via "National Vulnerability Database".
βΌ CVE-2022-31697 βΌ
π Read
via "National Vulnerability Database".
The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41288 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains stack exhaustion vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41280 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20240 βΌ
π Read
via "National Vulnerability Database".
In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-231496105π Read
via "National Vulnerability Database".
βΌ CVE-2022-46355 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The affected products are vulnerable to an "Exposure of Sensitive Information to an Unauthorized Actor" vulnerability by leaking sensitive data in the HTTP Referer.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46348 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19383)π Read
via "National Vulnerability Database".
βΌ CVE-2022-43722 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software does not properly secure a folder containing library files. This could allow an attacker to place a custom malicious DLL in this folder which is then run with SYSTEM rights when a service is started that requires this DLL. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.π Read
via "National Vulnerability Database".
π΄ Security Flaw in Atlassian Products Affecting Multiple Companies π΄
π Read
via "Dark Reading".
Jira, Confluence,Trello, and BitBucket affected.π Read
via "Dark Reading".
Dark Reading
Security Flaw in Atlassian Products Affecting Multiple Companies
Jira, Confluence,Trello, and BitBucket affected.
β COVID-bit: the wireless spyware trick with an unfortunate name β
π Read
via "Naked Security".
It's not the switching that's the problem, it's the switching of the switching!π Read
via "Naked Security".
Naked Security
COVID-bit: the wireless spyware trick with an unfortunate name
Itβs not the switching thatβs the problem, itβs the switching of the switching!