Jetson Nano, Jetson Nano 2GB Security Vulnerabilities

CVE-2022-29951

JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol (configurable on ports 1024-65534 on either TCP or UDP) for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing...

Fedora: Security Advisory for micro (FEDORA-2022-3969b64d4b)

The remote host is missing an update for...

[SECURITY] Fedora 35 Update: micro-2.0.8-5.fc35

Micro is a terminal-based text editor that aims to be easy to use and intuitive, while also taking advantage of the full capabilities of modern terminals. It comes as one single, batteries-included, static binary with no dependencies, and you can download and use it right now. As the name...

Fedora: Security Advisory for micro (FEDORA-2022-fae3ecee19)

The remote host is missing an update for...

Cloud OSINT. Finding Interesting Resources

Locating sensitive information, personally identifiable information (PII) and questionable assets in the cloud. TL; DR I had a curiosity driven excursion into the public clouds of AWS and Azure to find what is publicly hosted and who by. As anticipated, the results were extremely broad and...

[SECURITY] Fedora 36 Update: micro-2.0.8-5.fc36

Micro is a terminal-based text editor that aims to be easy to use and intuitive, while also taking advantage of the full capabilities of modern terminals. It comes as one single, batteries-included, static binary with no dependencies, and you can download and use it right now. As the name...

nano-gmbh.de Cross Site Scripting vulnerability OBB-2700047

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

JTEKT TOYOPUC Missing Authentication For Critical Function (CVE-2022-29951, CVE-2022-29958)

The device may be vulnerable to flaws related to OT:ICEFALL. These vulnerabilities identify the insecure-by-design nature of OT devices and may not have a clear remediation path. As such, Nessus is unable to test specifically for these vulnerabilities but has identified the device to be one that...

JTEKT TOYOPUC

EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely Vendor: JTEKT Equipment: TOYOPUC Products Vulnerability: Missing Authentication for Critical Function CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in multiple operational technology...

Malicious code in mrg-nano-xhr (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (c5584946fb8e4619d73092f2d29472ca79e307d08f72e7036028a4d1d4836dd6) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EulerOS 2.0 SP5 : yajl (EulerOS-SA-2022-1919)

According to the versions of the yajl package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow...

Huawei EulerOS: Security Advisory for yajl (EulerOS-SA-2022-1919)

The remote host is missing an update for the Huawei...

Latest Mobile Malware Report Suggests On-Device Fraud is on the Rise

An analysis of the mobile threat landscape in 2022 shows that Spain and Turkey are the most targeted countries for malware campaigns, even as a mix of new and existing banking trojans are increasingly targeting Android devices to conduct on-device fraud (ODF). Other frequently targeted countries...

Your cloud? My cloud now

A true story on taking over a client’s Azure tenant via a successful phish. TL;DR A tempting phish got lots of users to disclose their passwords, and a lack of training resulted in the victims accepting the Microsoft push-based multi-factor authentication. This resulted in gaining access to Slack,....

EulerOS 2.0 SP3 : yajl (EulerOS-SA-2022-1776)

According to the versions of the yajl package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow...

APT Cyber Tools Targeting ICS/SCADA Devices

Summary Actions to Take Today to Protect ICS/SCADA Devices: • Enforce multifactor authentication for all remote access to ICS networks and devices whenever possible. • Change all passwords to ICS/SCADA devices and systems on a consistent schedule, especially all default passwords, to device-unique....

SUSE SLES12 Security Update : libyajl (SUSE-SU-2022:1746-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1746-1 advisory. yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer...

new packages: nano

An update is available for nano. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Enterprise...

Exploit for CVE-2022-21907

CVE-2022-21907 Golang Application by 1vere$k CVE-2022-21907...

curl: Integer overflows in unescape_word()

Summary: A similiar issue to CVE-2019-5435 Steps To Reproduce: analysis DICT protocol can use one url like "dict://localhost:3306", and function unescape_word() is used to deal with the character in url like this comment c /* According to RFC2229 section 2.2, these letters need to be escaped...

Unbreakable Enterprise kernel-container security update

[4.14.35-2047.513.2.el7] - Revert 'rds/ib: recover rds connection from stuck tx path' (Nagappan Ramasamy Palaniappan) [Orabug: 34124234] [4.14.35-2047.513.1.el7] - mm/page-writeback: Fix performance when BDI's share of ratio is 0. (Chi Wu) [Orabug: 34050050] - esp: Fix possible buffer overflow...

Unbreakable Enterprise kernel security update

[4.14.35-2047.513.2] - Revert 'rds/ib: recover rds connection from stuck tx path' (Nagappan Ramasamy Palaniappan) [Orabug: 34124234] [4.14.35-2047.513.1] - mm/page-writeback: Fix performance when BDI's share of ratio is 0. (Chi Wu) [Orabug: 34050050] - esp: Fix possible buffer overflow in ESP...

Security update for the Linux Kernel (important)

An update that solves 14 vulnerabilities, contains one feature and has 61 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past...

Nanodump - A Crappy LSASS Dumper With No ASCII Art

A flexible tool that creates a minidump of the LSASS process. 1. Features It uses syscalls (with SysWhispers2) for most operations. Syscalls are called from an ntdll address to bypass some syscall detections. It sets the syscall callback hook to NULL. Windows APIs are called using dynamic invoke......

CVE-2022-28196

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, limited loss of Integrity, and....

CVE-2022-28196

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, limited loss of Integrity, and....

CVE-2022-28197

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult-to-exploit vulnerability may lead to code execution, escalation of....

CVE-2022-28197

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult-to-exploit vulnerability may lead to code execution, escalation of....

CVE-2022-28195

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause a integer overflow, which may lead to code execution, escalation of privileges, limited denial of.....

CVE-2022-28195

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause a integer overflow, which may lead to code execution, escalation of privileges, limited denial of.....

CVE-2022-28193

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial.....

CVE-2022-28193

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial.....

CVE-2022-28194

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where, if TFTP is enabled, a local attacker with elevated privileges can cause a memory buffer overflow, which may lead to code execution, loss of Integrity, limited denial of service, and some impact to....

CVE-2022-28194

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where, if TFTP is enabled, a local attacker with elevated privileges can cause a memory buffer overflow, which may lead to code execution, loss of Integrity, limited denial of service, and some impact to....

Buffer overflow

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where, if TFTP is enabled, a local attacker with elevated privileges can cause a memory buffer overflow, which may lead to code execution, loss of Integrity, limited denial of service, and some impact to....

Integer overflow

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause a integer overflow, which may lead to code execution, escalation of privileges, limited denial of.....

Buffer overflow

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial.....

Buffer overflow

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, limited loss of Integrity, and....

Integer overflow

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult-to-exploit vulnerability may lead to code execution, escalation of....

CVE-2022-28197

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult-to-exploit vulnerability may lead to code execution, escalation of....

CVE-2022-28196

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, limited loss of Integrity, and....

CVE-2022-28195

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause a integer overflow, which may lead to code execution, escalation of privileges, limited denial of.....

CVE-2022-28194

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where, if TFTP is enabled, a local attacker with elevated privileges can cause a memory buffer overflow, which may lead to code execution, loss of Integrity, limited denial of service, and some impact to....

CVE-2022-28193

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial.....

Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series (including Jetson TX2 NX) - April 2022

NVIDIA has released a software update for NVIDIA® Jetson AGX Xavier™ series, Jetson Xavier™ NX, Jetson TX1, Jetson TX2 series (including Jetson TX2 NX) in the NVIDIA JetPack™ software development kit (SDK). The update addresses security issues that may lead to denial of service, escalation of...

Unbreakable Enterprise kernel security update

[4.14.35-2047.512.6] - Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair) [Orabug: 34039271] - uek-rpm: update kABI lists for new symbols (Saeed Mirzamohammadi) [Orabug: 33993774] [4.14.35-2047.512.5] - netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo...

Unbreakable Enterprise kernel-container security update

[4.14.35-2047.512.6.el7] - Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair) [Orabug: 34039271] - uek-rpm: update kABI lists for new symbols (Saeed Mirzamohammadi) [Orabug: 33993774] [4.14.35-2047.512.5] - netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo...

Exploit for Unrestricted Upload of File with Dangerous Type in Elementor Website Builder

CVE-2022-1329-WordPress-Elementor-RCE...

Multiple RTOS (Update E)

EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendors: Multiple Equipment: Multiple Vulnerabilities: Integer Overflow or Wraparound CISA is aware of a public report, known as “BadAlloc” that details vulnerabilities found in multiple real-time operating...

Feds: APTs Have Tools That Can Take Over Critical Infrastructure

Threat actors have built and are ready to deploy tools that can take over a number of widely used industrial control system (ICS) devices, which spells trouble for critical infrastructure providers—particularly those in the energy sector, federal agencies have warned. In a joint advisory, the...