#rce

CVE-2022-38765: Canon Medical Software Security Updates

Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An authenticated user is able to gain unauthorized access to imaging records by tampering with the vitrea-view/studies/search patientId parameter.

Red Hat Security Advisory 2022-8902-01

Red Hat Security Advisory 2022-8902-01 - This release of Camel for Spring Boot 3.18.3 serves as a replacement for Camel for Spring Boot 3.14.2 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Issues addressed include a denial of service vulnerability.

3 years ago

Packet Storm

Open in Source

#vulnerability #red_hat #dos #apache #rce

Breaking the silence - Recent Truebot activity

Since August 2022, we have seen an increase in infections of Truebot (aka Silence.Downloader) malware. Truebot was first identified in 2017 and researchers have linked it to a threat actor called Silence Group that is responsible for several high-impact attacks on financial institutions in several countries around the world.

3 years ago

TALOS

Open in Source

#sql #vulnerability #web #mac #windows #google #microsoft #cisco #php #c++#rce #samba #botnet #auth

Phishing in the Cloud: We're Gonna Need a Bigger Boat

SasS security is everyone's problem.

3 years ago

DARKReading

Open in Source

#web #mac #git #intel #rce #auth

NodeBB prototype pollution flaw could lead to account takeover

‘Not a prototype pollution vulnerability as you might normally understand it’

3 years ago

PortSwigger

Open in Source

#vulnerability #web #nodejs #js #java #rce #auth

RHSA-2022:8902: Red Hat Security Advisory: Red Hat Camel for Spring Boot 3.18.3 release and security update

A minor version update (from 3.14.5 to 3.18.3) is now available for Camel for Spring Boot. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25897: sdk-server: Denial of Service * CVE-2022-31684: reactor-netty-http: Log request headers in some cases of invalid HTTP requests * CVE-2022-42889: apache-commons-text: variable interpolation RCE

3 years ago

Red Hat Security Data

Open in Source

#vulnerability #web #linux #red_hat #dos #apache #nodejs #js #java #kubernetes #rce #aws

Android Serves Up a Slew of Security Updates, 4 Critical

Out of more than 80 flaws fixed this month, the most critical was a system component bug that could allow RCE over Bluetooth.

3 years ago

DARKReading

Open in Source

#vulnerability #android #google #rce

CVE-2022-44373: vulner-box/README.md at master · johnawm/vulner-box

A stack overflow vulnerability exists in TrendNet Wireless AC Easy-Upgrader TEW-820AP (Version v1.0R, firmware version 1.01.B01) which may result in remote code execution.

3 years ago

CVE

Open in Source

#vulnerability #web #dos #rce #buffer_overflow

CVE-2022-45550: AyaCMS has an Unauthorized Remote Code Execution Vulnerability

AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE).

3 years ago

CVE

Open in Source

#vulnerability #php #rce #auth

CVE-2022-44371: There is a deserialization vulnerability that can cause RCE · Issue #83 · java-aodeng/hope-boot

hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE).