βΌ CVE-2022-32515 βΌ
π Read
via "National Vulnerability Database".
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: ConextΓ’βΒ’ ComBox (All Versions)π Read
via "National Vulnerability Database".
βΌ CVE-2022-45897 βΌ
π Read
via "National Vulnerability Database".
On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48175 βΌ
π Read
via "National Vulnerability Database".
Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48176 βΌ
π Read
via "National Vulnerability Database".
Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32527 βΌ
π Read
via "National Vulnerability Database".
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm cache data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32528 βΌ
π Read
via "National Vulnerability Database".
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read files in the IGSS project report directory when an attacker sends specific messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32747 βΌ
π Read
via "National Vulnerability Database".
A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxureΓ’βΒ’ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32514 βΌ
π Read
via "National Vulnerability Database".
A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to gain control of the device when logging into a web page. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32524 βΌ
π Read
via "National Vulnerability Database".
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted time reduced data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)π Read
via "National Vulnerability Database".
βΌ CVE-2022-22731 βΌ
π Read
via "National Vulnerability Database".
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause path traversal attacks. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)π Read
via "National Vulnerability Database".
βΌ CVE-2022-40258 βΌ
π Read
via "National Vulnerability Database".
AMI Megarac Weak password hashes for Redfish & APIπ Read
via "National Vulnerability Database".
βΌ CVE-2022-4898 βΌ
π Read
via "National Vulnerability Database".
In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07 however it was identified that the fix could be bypassed in certain circumstances. A different approach was taken to prevent the possibility of the support link being susceptible to XSSπ Read
via "National Vulnerability Database".
βΌ CVE-2022-44897 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in ApolloTheme AP PageBuilder component through 2.4.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the show_number parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25881 βΌ
π Read
via "National Vulnerability Database".
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21129 βΌ
π Read
via "National Vulnerability Database".
Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. **Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30421 βΌ
π Read
via "National Vulnerability Database".
Improper Authentication vulnerability in Toshiba Storage Security Software V1.2.0.7413 is that allows for sensitive information to be obtained via(local) password authentication module.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25979 βΌ
π Read
via "National Vulnerability Database".
Versions of the package jsuites before 5.0.1 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the Editor() function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4441 βΌ
π Read
via "National Vulnerability Database".
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.9.0 before 04.9.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4041 βΌ
π Read
via "National Vulnerability Database".
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1.π Read
via "National Vulnerability Database".
β Serious Security: The Samba logon bug caused by outdated crypto β
π Read
via "Naked Security".
Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!π Read
via "Naked Security".
Naked Security
Serious Security: The Samba logon bug caused by outdated crypto
Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!
βΌ CVE-2022-39060 βΌ
π Read
via "National Vulnerability Database".
ChangingTech MegaServiSignAdapter component has a vulnerability of improper input validation. An unauthenticated remote attacker can exploit this vulnerability to access and modify HKEY_CURRENT_USER subkey (ex: AutoRUN) in Registry where malicious scripts can be executed to take control of the system or to terminate the service.π Read
via "National Vulnerability Database".
π1