Security
Headlines
HeadlinesLatestCVEs

Tag

#ericsson

CVE-2022-44213: ZKT Eco ADMS - Stored XSS

ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site Scripting (XSS).

CVE
Open in Source
#xss#vulnerability#web#windows#git#ericsson#wifi
Red Hat Security Advisory 2022-8857-01

Red Hat Security Advisory 2022-8857-01 - Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Issues addressed include a bypass vulnerability.

RHSA-2022:8857: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.4 (erlang) security update

An update for erlang is now available for Red Hat OpenStack Platform 16.2.4 (Train) on Red Hat Enterprise Linux (RHEL) 8.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-37026: erlang/otp: Client Authentication Bypass

CVE-2022-40472: ZKBio Time - CSV Injection

ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the Content text field of the Add New Message module.

Capital One Joins Open Source Security Foundation

OpenSSF welcomes Capital One as a premier member affirming its commitment to strengthening the open source software supply chain.

Identity Security Pain Points and What Can Be Done

Replacing passwords is not as easy as people think, but there is hope.

Open Source Security Gets $150M Boost From Industry Heavy Hitters

Maintainers of open source software (OSS) will gain additional security tools for their own projects, while the developers who use OSS — and about 97% of software does — will gain more data on security.

Linux, OpenSSF Champion Plan to Improve Open Source Security

The White House and tech industry pledge $150 million over two years to boost open source resiliency and supply chain security.

CVE-2022-29539: Vulnerability Research & Advisor

resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. Due to the lack of validation of user input, an unauthenticated attacker can bypass the syntax intended by the software (e.g., concatenate `&|;\r\ commands) and inject arbitrary system commands with the privileges of the application user.