CVE-2022-21503 : ORACLE CLOUD SERVICES 3.1/4.9 INFORMATION DISCLOSURE

Description

Vulnerability in the Oracle Cloud Infrastructure product of Oracle Cloud Services. Easily exploitable vulnerability allows high privileged attacker with network access to compromise Oracle Cloud Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to Oracle Cloud Infrastructure accessible data. All affected customers were notified of CVE-2022-21503 by Oracle. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)

References

https://support.oracle.com/

For More Information

MITRE

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-2641 : HORNER AUTOMATION RCC 972 15.40 HARD-CODED KEY

CVE-2022-2641 : HORNER AUTOMATION RCC 972 15.40 HARD-CODED KEY

Description Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow

CVE-2022-3270 : FESTO VTEM-S1 INSUFFICIENT TECHNICAL DOCUMENTATION

CVE-2022-3270 : FESTO VTEM-S1 INSUFFICIENT TECHNICAL DOCUMENTATION

Description In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead

CVE-2022-4221 : ASUS NAS-M25 UP TO 1.0.1.7 COOKIE OS COMMAND INJECTION

CVE-2022-4221 : ASUS NAS-M25 UP TO 1.0.1.7 COOKIE OS COMMAND INJECTION

Description Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Asus NAS-M25 allows an