Security
Headlines
HeadlinesLatestCVEs

Tag

#acer

CVE-2022-38531: GitHub - SLoSnow9879/FPT-Router-RCE: G-97RG6M and G-97RG3 Remote Command Execution

FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078 are vulnerable to Remote Command Execution in the ping function.

CVE
Open in Source
#vulnerability#web#git#acer#auth
CVE-2022-37777: Phicomm_Router/Tracert_2.md at main · SLoSnow9879/Phicomm_Router

Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers 3.0.1.17 and earlier were discovered to contain a remote command execution (RCE) vulnerability via the trHops parameter of the tracert function.

CVE-2022-37780: Phicomm_Router/Tracert_1.md at main · SLoSnow9879/Phicomm_Router

Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the pingAddr parameter of the tracert function.

YouTube transparency report shows battle against misinformation

Categories: News Tags: YouTube Tags: transparency Tags: report Tags: misinformation Tags: cyberbullying Tags: child safety We take a look at YouTube's latest video removal statistics, including the fight to shut down misinformation. (Read more...) The post YouTube transparency report shows battle against misinformation appeared first on Malwarebytes Labs.

Cymulate Raises $70M Series D Funding for Continuous Security Posture Testing

Investor participation from prior round demonstrates confidence in the company's current and future performance.

CVE-2022-1632: Invalid Bug ID

An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality.

CVE-2022-1632: Red Hat Customer Portal - Access to 24x7 support and knowledge

An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality.

GHSA-56x4-j7p9-fcf9: Command Injection in moment-timezone

### Impact All versions of moment-timezone from 0.1.0 contain build tasks vulnerable to command injection. * if Alice uses tzdata pipeline to package moment-timezone on her own (for example via `grunt data:2014d`, where `2014d` stands for the version of the tzdata to be used from IANA's website), * and Alice let's Mallory select the version (`2014d` in our example), then Mallory can execute arbitrary commands on the machine running the grunt task, with the same privilege as the grunt task #### Am I affected? ##### Do you build custom versions of moment-timezone with grunt? If no, you're not affected. ##### Do you allow a third party to specify which particular version you want build? If yes, you're vulnerable to command injection -- third party may execute arbitrary commands on the system running grunt task with the same privileges as grunt task. ### Description #### Command Injection via grunt-zdownload.js and MITM on iana's ftp endpoint The `tasks/data-download.js` script t...

CVE-2022-36555: hytec-HWL-2511-SS.md

Hytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash for the root account which can be easily cracked via a brute-force attack.