βΌ CVE-2022-46402 βΌ
π Read
via "National Vulnerability Database".
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PairCon_rmSend with incorrect values.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46401 βΌ
π Read
via "National Vulnerability Database".
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PauseEncReqPlainText before pairing is complete.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46403 βΌ
π Read
via "National Vulnerability Database".
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) mishandles reject messages.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44108 βΌ
π Read
via "National Vulnerability Database".
pdftojson commit 94204bb was discovered to contain a stack overflow via the component Object::copy(Object*):Object.cc.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3752 βΌ
π Read
via "National Vulnerability Database".
An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic load to cause a denial-of-service condition resulting in a denial-of-service condition. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online and continue normal operation.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46399 βΌ
π Read
via "National Vulnerability Database".
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with ConReqTimeoutZero.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46400 βΌ
π Read
via "National Vulnerability Database".
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) allows attackers to bypass passkey entry in legacy pairing.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47551 βΌ
π Read
via "National Vulnerability Database".
Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before 3.0.0.Final. Because of this, 3.0.0.Final is not affected by the vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44109 βΌ
π Read
via "National Vulnerability Database".
pdftojson commit 94204bb was discovered to contain a stack overflow via the component Stream::makeFilter(char*, Stream*, Object*, int).π Read
via "National Vulnerability Database".
βοΈ Hacked Ring Cams Used to Record Swatting Victims βοΈ
π Read
via "Krebs on Security".
Two U.S. men have been charged with hacking into the Ring home security cameras of a dozen random people and then "swatting" them -- falsely reporting a violent incident at the target's address to trick local police into responding with force. Prosecutors say the duo used the compromised Ring devices to stream live video footage on social media of police raiding their targets' homes, and to taunt authorities when they arrived.π Read
via "Krebs on Security".
Krebs on Security
Hacked Ring Cams Used to Record Swatting Victims
Two U.S. men have been charged with hacking into the Ring home security cameras of a dozen random people and then "swatting" them -- falsely reporting a violent incident at the target's address to trick local police into responding withβ¦
π1
βΌ CVE-2022-25904 βΌ
π Read
via "National Vulnerability Database".
All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading an attacker to modify properties of the Object.prototype.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25171 βΌ
π Read
via "National Vulnerability Database".
The package p4 before 0.0.7 are vulnerable to Command Injection via the run() function due to improper input sanitizationπ Read
via "National Vulnerability Database".
βΌ CVE-2022-25940 βΌ
π Read
via "National Vulnerability Database".
All versions of package lite-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47578 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by booting into Safe Mode. This allows a file to be exchanged outside the laptop/system. Safe Mode can be launched by any user (even without admin rights). Data exfiltration can occur, and also malware might be introduced onto the system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25931 βΌ
π Read
via "National Vulnerability Database".
All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47577 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by making use of a virtual machine (VM). This allows a file to be exchanged outside the laptop/system. VMs can be created by any user (even without admin rights). The data exfiltration can occur without any record in the audit trail of Windows events on the host machine.π Read
via "National Vulnerability Database".
ποΈ Akamai wrestles with AWS S3 web cache poisoning bug ποΈ
π Read
via "The Daily Swig".
Definitive solution is βnon-trivialβ since behavior arises from customers processing non-RFC compliant requestsπ Read
via "The Daily Swig".
βΌ CVE-2022-46421 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 5.0.0.π Read
via "National Vulnerability Database".
π GNU Privacy Guard 2.4.0 π
π Read
via "Packet Storm Security".
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.π Read
via "Packet Storm Security".
Packetstormsecurity
GNU Privacy Guard 2.4.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π GNU Privacy Guard 2.2.41 π
π Read
via "Packet Storm Security".
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.π Read
via "Packet Storm Security".
Packetstormsecurity
GNU Privacy Guard 2.2.41 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Protecting Hospital Networks From 'Code Dark' Scenarios π΄
π Read
via "Dark Reading".
Asset inventory, behavioral baselining, and automated response are all key to keeping patients healthy and safe. π Read
via "Dark Reading".
Dark Reading
Protecting Hospital Networks From 'Code Dark' Scenarios
Asset inventory, behavioral baselining, and automated response are all key to keeping patients healthy and safe.