Security
Headlines
HeadlinesLatestCVEs

Tag

#ssh

CVE-2022-40282: security-assurance

The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is BSECV-2022-21.

CVE
Open in Source
#vulnerability#web#ios#dos#java#rce#buffer_overflow#auth#ssh#ssl
CVE-2022-44140: jizhicms v2.3.3 has a vulnerability, SQL injection · Issue #81 · Cherry-toto/jizhicms

Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component.

CVE-2022-39397: fix(auth): Prevent secret exposure · tu6ge/oss-rs@e4553f7

aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of this library will be affected, the incoming secret will be disclosed unintentionally. This issue has been patched in version 0.8.1.

CVE-2022-40228: IBM DataPower Gateway does not invalidate active sessions on a password change (CVE-2022-40228)

IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235527.

CVE-2022-41939: func/builder.go at 5ca77d38744d3481cc0b795f607c5859b19588fc · knative/func

knative.dev/func is is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious `lifecycle` container. This issues has been patched in PR #1442, and is part of release 1.8.1. This issue only affects users who are using function buildpacks from third-parties; pinning the builder image to a specific content-hash with a valid `lifecycle` image will also mitigate the attack.

CVE-2022-43492: Comments – wpDiscuz

Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress.

Red Hat Security Advisory 2022-8506-01

Red Hat Security Advisory 2022-8506-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include code execution, cross site scripting, denial of service, remote SQL injection, and traversal vulnerabilities.

New RapperBot malware targets gaming servers with DDoS attacks

By Deeba Ahmed RapperBot malware is known for brute-forcing SSH servers that can accept password authentication. This is a post from HackRead.com Read the original post: New RapperBot malware targets gaming servers with DDoS attacks

Red Hat Security Advisory 2022-8008-01

Red Hat Security Advisory 2022-8008-01 - The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Issues addressed include denial of service and information leakage vulnerabilities.