What Is IoT Security And Why Its Important?
What is IoT Security? IoT (Internet of Things) is a recent technology at least in the domestic sector. It comprises
CVE-2022-21941 : SENSORMATIC ISTAR ULTRA UP TO 6.8.9 COMMAND INJECTION
Description All versions of iSTAR Ultra prior to version 6.8.9.CU01are vulnerable to a command injection that could allow an unauthenticated
What Is 2FA And Why Do We Need It?
What is 2FA? 2FA stands for Two Factor Authentication and has become a near requirement for securing user accounts on
CVE-2022-34374 : DELL CONTAINER STORAGE MODULES 1.2 GOISCSI/GOBRICK OS COMMAND INJECTION
Description Dell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries. A remote authenticated malicious
What is CASB? How to integrate CASB with WAF?
What is a Cloud Access Security Brokers (CASB)? CASB is the acronym for Cloud Access Security Brokers. A CASB is
CVE-2022-36554 : HYTEC INTER HWL-2511-SS UP TO 1.05 COMMAND LINE INTERFACE COMMAND INJECTION
Description A command injection vulnerability in the CLI (Command Line Interface) implementation of Hytec Inter HWL-2511-SS v1.05 and below allows
CVE-2022-34668 : NVIDIA NVFLARE UP TO 2.1.3 PICKLE DESERIALIZATION
Description NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow
CVE-2022-0168 : LINUX KERNEL COMMON INTERNET FILE SYSTEM FS/CIFS/SMB2OPS.C SMB2_IOCTL_QUERY_INFO NULL POINTER DEREFERENCE
Description A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet
CVE-2022-20921 : CISCO ACI MULTI-SITE ORCHESTRATOR API IMPROPER AUTHORIZATION
Description A vulnerability in the API implementation of Cisco ACI Multi-Site Orchestrator (MSO) could allow an authenticated, remote attacker to
CVE-2022-2978 : LINUX KERNEL NILFS FILE SYSTEM INODE.C SECURITY_INODE_ALLOC USE AFTER FREE
Description A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers
CVE-2022-31676 : VMWARE TOOLS 10.X.Y/11.X.Y/12.0.0 ACCESS CONTROL
Description VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access
CVE-2022-2932 : BUSTLE MOBILEDOC-KIT UP TO 0.14.1 CROSS SITE SCRIPTING
Description Cross-site Scripting (XSS) – Reflected in GitHub repository bustle/mobiledoc-kit prior to 0.14.2 References https://huntr.dev/bounties/2-other-bustle/mobiledoc-kit https://github.com/bustle/mobiledoc-kit/commit/f3fdaa5352904fd2a0b4247ccb0dbf68aad43b5a For More Information MITRE
CVE-2022-30036 : MA LIGHTING GRANDMA2 LIGHT HARD-CODED CREDENTIALS
Description MA Lighting grandMA2 Light has a password of root for the root account. NOTE: The vendor’s position is that
CVE-2022-25899 : INTEL OPEN AMT CLOUD TOOLKIT UP TO 2.0.1/2.2.1 IMPROPER AUTHENTICATION
Description Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before versions 2.0.2 and 2.2.2 may allow
CVE-2022-28751 : ZOOM CLIENT FOR MEETINGS UP TO 5.11.2 ON MACOS PACKAGE SIGNATURE VERIFICATION
Description The Zoom Client for Meetings for MacOS (Standard and for IT Admin) before version 5.11.3 contains a vulnerability in
CVE-2022-1401 : DEVICE42 ASSET MANAGEMENT APPLIANCE PRIOR 18.01.00 WRIMAGERESOURCE.ADX ACCESS CONTROL
Description Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker
CVE-2022-36310 : AIRSPAN AIRVELOCITY 1500 PRIOR 15.18.00.2511 SNMPD INHERENTLY DANGEROUS FUNCTION
Description Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with
CVE-2022-2814 : SOURCECODESTER SIMPLE AND NICE SHOPPING CART SCRIPT /MKSHOPE/LOGIN.PHP MSG CROSS SITE SCRIPTING
Description A vulnerability has been found in SourceCodester Simple and Nice Shopping Cart Script and classified as problematic. Affected by
CVE-2022-37397 : YUGABYTEDB 2.6.1 LDAP AUTHENTICATION CONFIG
Description An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When
CVE-2022-28750 : ZOOM ON-PREMISE MEETING CONNECTOR ZONE CONTROLLER PRIOR 4.8.20220419.112 STUN ERROR CODE STACK-BASED OVERFLOW
Description Zoom On-Premise Meeting Connector Zone Controller (ZC) before version 4.8.20220419.112 fails to properly parse STUN error codes, which can
CVE-2022-2756 : KAREADITA KAVITA UP TO 0.5.4.0 SERVER-SIDE REQUEST FORGERY
Description Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1. References https://huntr.dev/bounties/95e7c181-9d80-4428-aebf-687ac55a9216 https://github.com/kareadita/kavita/commit/9c31f7e7c81b919923cb2e3857439ec0d16243e4 For More Information MITRE
CVE-2022-36801 : ATLASSIAN JIRA SERVER/JIRA DATA CENTER UP TO 8.20.7 TEAMMANAGEMENT.JSPA CROSS SITE SCRIPTING
Description Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript
CVE-2022-2355 : EASY USERNAME UPDATER PLUGIN UP TO 1.0.4 ON WORDPRESS CROSS-SITE REQUEST FORGERY
Description The Easy Username Updater WordPress plugin before 1.0.5 does not implement CSRF checks, which could allow attackers to make
CVE-2022-37452 : EXIM UP TO 4.94 ALIAS LIST HOST.C HOST_NAME_LOOKUP SENDER_HOST_NAME HEAP-BASED OVERFLOW
Description Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is