Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

CVE-2022-20797: Cisco Security Advisory: Cisco Secure Network Analytics Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system. This vulnerability is due to insufficient user input validation by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting arbitrary commands in the web-based management interface. A successful exploit could allow the attacker to make configuration changes on the affected device or cause certain services to restart unexpectedly.

CVE
Open in Source
#vulnerability#web#cisco#rce#perl#auth
Critical Flaws in Popular ICS Platform Can Trigger RCE

Cisco Talos discovered eight vulnerabilities in the Open Automation Software, two of them critical, that pose risk for critical infrastructure networks.

Microsoft Patch Tuesday May 2022: Edge RCE, PetitPotam LSA Spoofing, bad patches

Hello everyone! This episode will be about Microsoft Patch Tuesday for May 2022. Sorry for the delay, this month has been quite intense. As usual, I’m using my Vulristics project and going through not only the vulnerabilities that were presented on May 10th, but all the MS vulnerabilities presented by Microsoft since the previous Patch […]

Threat Source newsletter (May 26, 2022) — BlackByte adds itself to the grocery list of big game hunters

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  Given the recent tragedies in the U.S., I don’t feel it’s appropriate to open by being nostalgic or trying to be witty — let’s just stick to some security news this week.    The one big... [[ This is only the beginning! Please visit the blog for the complete entry ]]

CVE-2022-30472: VulnRepo/IoT/Tenda/1 at master · lcyfrank/VulnRepo

Tenda AC Seris Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function fromAddressNat

CVE-2022-30477: VulnRepo/IoT/Tenda/4 at master · lcyfrank/VulnRepo

Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetClientState request.

CVE-2022-30476: VulnRepo/IoT/Tenda/6 at master · lcyfrank/VulnRepo

Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetFirewallCfg request.

CVE-2022-30474: VulnRepo/IoT/Tenda/5 at master · lcyfrank/VulnRepo

Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a heap overflow in the httpd module when handling /goform/saveParentControlInfo request.

qdPM 9.1 Remote Code Execution

qdPM version 9.1 authenticated remote code execution exploit that leverages a path traversal.

CVE-2022-26082: TALOS-2022-1493 || Cisco Talos Intelligence Group

A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.