🛑 Cybersecurity & Privacy 🛑 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-20474 ‼

In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-240138294

via "National Vulnerability Database".
‼ CVE-2022-45937 ‼

A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions < V3.5.5), APOGEE PXC Series (P2 Ethernet) (All versions < V2.8.20), TALON TC Series (BACnet) (All versions < V3.5.5). A low privilege authenticated attacker with network access to the integrated web server could download sensitive information from the device containing user account credentials.

via "National Vulnerability Database".
‼ CVE-2022-44636 ‼

The Samsung TV (2021 and 2022 model) smart remote control allows attackers to enable microphone access via Bluetooth spoofing when a user is activating remote control by pressing a button. This is fixed in xxx72510, E9172511 for 2021 models, xxxA1000, 4x2A0200 for 2022 models.

via "National Vulnerability Database".
‼ CVE-2022-43517 ‼

A vulnerability has been identified in Simcenter STAR-CCM+ (All versions). The affected application improperly assigns file permissions to installation folders. This could allow a local attacker with an unprivileged account to override or modify the service executables and subsequently gain elevated privileges.

via "National Vulnerability Database".
‼ CVE-2022-20483 ‼

In several functions that parse avrc response in avrc_pars_ct.cc and related files, there are possible out of bounds reads due to integer overflows. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-242459126

via "National Vulnerability Database".
‼ CVE-2022-31699 ‼

VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.

via "National Vulnerability Database".
‼ CVE-2022-33238 ‼

Transient DOS due to loop with unreachable exit condition in WLAN while processing incoming FTM frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking.

via "National Vulnerability Database".
‼ CVE-2022-31697 ‼

The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation.

via "National Vulnerability Database".
‼ CVE-2022-41288 ‼

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a stack exhaustion vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition.

via "National Vulnerability Database".
‼ CVE-2022-41280 ‼

A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition.

via "National Vulnerability Database".
‼ CVE-2022-20240 ‼

In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-231496105

via "National Vulnerability Database".
‼ CVE-2022-46355 ‼

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The affected products are vulnerable to an "Exposure of Sensitive Information to an Unauthorized Actor" vulnerability by leaking sensitive data in the HTTP Referer.

via "National Vulnerability Database".
‼ CVE-2022-46348 ‼

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19383)

via "National Vulnerability Database".
‼ CVE-2022-43722 ‼

A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software does not properly secure a folder containing library files. This could allow an attacker to place a custom malicious DLL in this folder which is then run with SYSTEM rights when a service is started that requires this DLL. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.

via "National Vulnerability Database".
🕴 Security Flaw in Atlassian Products Affecting Multiple Companies 🕴

Jira, Confluence, Trello, and BitBucket affected.

via "Dark Reading".
⚠ COVID-bit: the wireless spyware trick with an unfortunate name ⚠

It's not the switching that's the problem, it's the switching of the switching!

via "Naked Security".
🕴 Accelerating Vulnerability Identification and Remediation 🕴

Software teams can now fix bugs faster with faster release cycles, but breach pressure is increasing. Using SBoM and automation will help better detect, prevent, and remediate security issues throughout the software development life cycle.

via "Dark Reading".
🕴 Citrix ADC, Gateway Users Race Against Hackers to Patch Critical Flaw 🕴

Citrix issues a critical update as NSA warns that the APT5 threat group is actively trying to target ADC environments.

via "Dark Reading".
‼ CVE-2022-46062 ‼

Gym Management System v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).

via "National Vulnerability Database".
‼ CVE-2022-45028 ‼

A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request sent to /cgi-bin/logs.ha.

via "National Vulnerability Database".
‼ CVE-2022-4454 ‼

A vulnerability, which was classified as critical, has been found in m0ver bible-online. Affected by this issue is the function query of the file src/main/java/custom/application/search.java of the component Search Handler. The manipulation leads to SQL injection. The name of the patch is 6ef0aabfb2d4ccd53fcaa9707781303af357410e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215444.

via "National Vulnerability Database".