1567 matches found
CVE-2022-36438
AsusSwitch.exe on ASUS personal computers running Windows sets weak file permissions, leading to local privilege escalation; this can also be used to delete files within the system arbitrarily. This affects ASUS System Control Interface 3 before 3.1.5.0, and AsusSwitch.exe before 1.0.10.0...
CVE-2022-42897
Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected...
Command injection
Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected...
Array Networks AG/vxAG Command Injection Vulnerability
Array Networks AG/vxAG is an Array SSL-VPN gateway product from Array Networks, Inc. A security vulnerability exists in Array Networks AG/vxAG with ArrayOS AG prior to version 9.4.0.469, which stems from the fact that it allows an unauthenticated attacker to implement command injection, resulting...
CVE-2022-42897
The CVE-2022-42897 entry concerns Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469, which suffers from unauthenticated command injection leading to privilege escalation and control of the system. The issue affects versions prior to 9.4.0.469; ArrayOS AG 10.x is unaffected. Exploitation details...
Daikin Holdings Singapore
1. EXECUTIVE SUMMARY: CVSS v3 9.8; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Daikin Holdings Singapore Pte Ltd.; Equipment: SVMPC1, SVMPC2; Vulnerabilities: Use of Hard-coded Password, Improper Access Control. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities...
Mozilla Releases Security Update for Thunderbird
Mozilla has released a security update to address a vulnerability in Thunderbird. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisory for Thunderbird 102.3.1 and make the necessary...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing high and low severity vulnerabilities, see the Cisco Security Advisories page. CISA...
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisories for Firefox...
PT-2022-34076 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.137. Description: The issue is related to the assignment of scpi info in the arm scpi firmware when a probe fails. The actual impact and potential for attack have not been proven yet. Recommendations: For...
PT-2022-34198 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.212. Description: A data-race issue exists around sysctl net busy read. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to v5.4.212, updat...
PT-2022-33302 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.6. Description: The issue is related to data-races around sysctl max skb frags. The actual impact and attack plausibility have not yet been proven. It was introduced in version v4.5 and fixed in Linux Kerne...
CVE-2022-39206 CI/CD Docker Escape in OneDev
OneDev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket (e.g. /var/run/docker.sock on Linux) is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a project could use this to control the Docker daem...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA...
Design/Logic Flaw
Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability, leading to authentication bypass and access to the CloudLink system console. This is critical...
VMware Releases Security Update
VMware has released a security update to address a vulnerability in Tools. A remote attacker could likely exploit the vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2022-0024 and apply the necessary update. Thi...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary...
VMware Releases Security Updates
VMware has released security updates to address multiple vulnerabilities in vRealize Operations. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2022-0022 and appl...
Oracle Releases July 2022 Critical Patch Update
Oracle has released its Critical Patch Update for July 2022 to address 349 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Oracle July 2022 Critica...