Security
Headlines
HeadlinesLatestCVEs

Tag

#perl

‘How Are They Weapons? That’s Only a Flashlight!’

During the protests in Hong Kong, young people carried laser pointers, umbrellas, and plastic ties—objects that sometimes led to their arrest, and years of legal limbo.

Wired
Open in Source
#web#windows#apple#perl#asus#auth
‘How Are They Weapons? That’s Only a Flashlight!’

During the protests in Hong Kong, young people carried laser pointers, umbrellas, and plastic ties—objects that sometimes led to their arrest, and years of legal limbo.

CVE-2022-26082: TALOS-2022-1493 || Cisco Talos Intelligence Group

A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2022-27169: TALOS-2022-1494 || Cisco Talos Intelligence Group

An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability.

CVE-2022-26026: TALOS-2022-1491 || Cisco Talos Intelligence Group

A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this vulnerability.

CVE-2022-26303: TALOS-2022-1488 || Cisco Talos Intelligence Group

An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2022-26043: TALOS-2022-1489 || Cisco Talos Intelligence Group

An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2022-26067: TALOS-2022-1492 || Cisco Talos Intelligence Group

An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulnerability.

GHSA-vjj6-5m9f-wqjw: NULL Pointer Dereference in HyperLedger Fabric

A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method 'forwardToLeader'. This bug has been admitted and fixed by the developers of Fabric. If leveraged, any leader node will crash.

Zero-Click Zoom Bug Allows Code Execution Just by Sending a Message

Google has disclosed a nasty set of six bugs affecting Zoom chat that can be chained together for MitM and RCE attacks, no user interaction required.