Security
Headlines
HeadlinesLatestCVEs

Tag

#ssh

CVE-2022-34102: Crestron Electronics, Inc.

Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt.

CVE
#vulnerability#web#windows#dos#apache#js#java#rce#perl#ldap#pdf#log4j#buffer_overflow#auth#ssh
CVE-2022-35582: WAPPLES Web Application Firewall Multiple Vulnerabilities

Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the documentation. Knowing the credentials, attackers can use this feature to gain uncontrolled access to the device and therefore are considered an undocumented possibility for remote control.

Red Hat Security Advisory 2022-6432-01

Red Hat Security Advisory 2022-6432-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a privilege escalation vulnerability.

CVE-2022-36101: Shopware 5 - Security Updates

Shopware is an open source e-commerce software. In affected versions the request for the customer detail view in the backend administration contained sensitive data like the hashed password and the session ID. These fields are now explicitly unset in version 5.7.15. Users are advised to update and may get the update either via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue.

Shadow IT and shadow IoT

Can an IoT coffee maker leak company secrets? Where do you put the 'S' in 'IoT'? Join Alison Naylor, Senior Manager for Information Security at Red Hat, in this episode of Security Detail as she discusses the importance of securing IoT devices and how to proceed with caution.

CVE-2022-26049: Snyk Vulnerability Database | Snyk

This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an attacker to achieve remote code execution on a target system by exploiting this vulnerability. **Note:** This could have allowed a malicious zip file to extract itself into an arbitrary directory. The only file that Goomph extracts is the p2 bootstrapper and eclipse metadata files hosted at eclipse.org, which are not malicious, so the only way this vulnerability could have affected you is if you had set a custom bootstrap zip, and that zip was malicious.

8 Online Best Dark Web Search Engines for Tor Browser (2022)

By Waqas When it comes to the best dark web search engines, first and foremost, you want a search engine that is private and secure, as well as one that can be used anonymously. This is a post from HackRead.com Read the original post: 8 Online Best Dark Web Search Engines for Tor Browser (2022)

CVE-2022-38266: While processing, division by zero causes an arithmetic exception · Issue #3498 · tesseract-ocr/tesseract

An issue in the Leptonica linked library (v1.79.0) in Tesseract v5.0.0 allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file.

U.S. Seizes Cryptocurrency Worth $30 Million Stolen by North Korean Hackers

More than $30 million worth of cryptocurrency plundered by the North Korea-linked Lazarus Group from online video game Axie Infinity has been recovered, marking the first time digital assets stolen by the threat actor have been seized. "The seizures represent approximately 10% of the total funds stolen from Axie Infinity (accounting for price differences between time stolen and seized), and