1567 matches found

NVD
added 2022/06/25 7:15 a.m. · 21 views

CVE-2022-24893

ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK ESP-BLE-MESH, a memory corruption vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU. This can result in memory corruption...

CVSS 8.8 · EPSS 0.00503
Exploits: 0 · References: 1
OSV
added 2022/06/20 8:25 p.m. · 3 views

MAL-2022-4769 Malicious code in mynewpkgtest2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff5bd238312c51334a5938f131369d435fa191f41c34f6bbfab4db030306c4be Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 · References: 1
OSV
added 2022/06/20 8:17 p.m. · 8 views

MAL-2022-3457 Malicious code in grenache-nodejs-example-fib-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3fcc86e278a74434d407eba7e0de22067c21ed29a66a45da90bdbd12a6f94d92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 · References: 1
Microsoft KB
added 2022/06/14 7:0 a.m. · 63 views

June 14, 2022—KB5014710 (OS Build 10240.19325) - EXPIRED

June 14, 2022—KB5014710 OS Build 10240.19325 - EXPIRED EXPIRATION NOTICE IMPORTANT As of 9/12/2023, this KB is no longer available from Windows Update, the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security quality update. Note: T...

CVSS 9.3 · AI score 8.6 · EPSS 0.99374
Exploits: 62
Microsoft KB
added 2022/06/14 7:0 a.m. · 137 views

June 14, 2022—KB5014702 (OS Build 14393.5192) - EXPIRED

June 14, 2022—KB5014702 OS Build 14393.5192 - EXPIRED EXPIRATION NOTICE IMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. --- NEW 06/14/22...

CVSS 10 · AI score 7 · EPSS 0.99374
Exploits: 64
CISA
added 2022/06/14 12:0 a.m. · 8 views

Microsoft Releases June 2022 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s June 2022 Security Update Summary and Deployment...

AI score 1.8
Exploits: 0 · References: 2
The Hacker News
added 2022/06/10 7:3 a.m. · 53 views

Researchers Disclose Critical Flaws in Industrial Access Controllers from HID Mercury

As many as four zero-day security vulnerabilities have been disclosed in the HID Mercury access controller system that's used widely in healthcare, education, transportation, and government facilities. "The vulnerabilities uncovered allowed us to demonstrate the ability to remotely unlock and loc...

CVSS 10 · AI score 0.5 · EPSS 0.02269
Exploits: 0
Trellix
added 2022/06/09 12:0 a.m. · 36 views

Trellix Threat Labs Uncovers Critical Flaws in Widely Used Building Access Control System

Trellix Threat Labs Uncovers Critical Flaws in Widely Used Building Access Control System By Trellix · June 9, 2022 This story was also written by Steve Povolny and Sam Quinn. Today at the Hardwear.io Security Trainings and Conference, Trellix Threat Labs is sharing new research into...

AI score 9.5 · EPSS 0.02269
Exploits: 0
hivepro
added 2022/06/02 12:4 p.m. · 9 views

Mozilla addresses security vulnerabilities in Firefox, Firefox ESR, and Thunderbird

Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Mozilla has released updates that address up to eight high severity vulnerabilities as per Mozilla in Firefox, Firefox ESR, and Thunderbird. These vulnerabilities could allow an attacker to exploit the...

AI score 1.6
Exploits: 0
hivepro
added 2022/05/19 2:34 p.m. · 69 views

Vulnerabilities in VMware when chained together grants Full System Control

Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary The Cybersecurity and Infrastructure Security Agency CISA has issued a warning to organizations about malicious actors using CVE-2022-22954 and CVE-2022-22960. This alert was published following the...

CVSS 10 · AI score 1.2 · EPSS 0.99997
Exploits: 33
OSV
added 2022/05/13 1:42 a.m. · 18 views

GHSA-C79V-2RJQ-965M ChakraCore vulnerable to privilege escalation

ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take...

CVSS 9.8 · AI score 9.4 · EPSS 0.09513
Exploits: 0 · References: 8
Positive Technologies
added 2022/05/05 12:0 a.m. · 4 views

PT-2022-10724 · Rti · Connext Dds Secure +1

Name of the Vulnerable Software and Affected Versions: RTI Connext DDS Professional and Connext DDS Secure versions 4.2x through 6.1.0 Description: The issue is a stack-based buffer overflow that may allow a local attacker to execute arbitrary code. This can potentially lead to unauthorized acces...

CVSS 7.8 · AI score 7.5 · EPSS 0.00546
Exploits: 0 · References: 5
CISA
added 2022/05/04 12:0 a.m. · 11 views

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla Security Advisory for Firefox 10...

AI score 2.7
Exploits: 0 · References: 3
CISA
added 2022/04/14 12:0 a.m. · 8 views

Juniper Networks Releases Security Updates for Multiple Products

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Juniper Networks security advisories page an...

AI score 1.8
Exploits: 0 · References: 1
Positive Technologies
added 2022/04/12 12:0 a.m. · 2 views

PT-2022-2642 · Microsoft · Windows Graphics +1

Name of the Vulnerable Software and Affected Versions: Windows Graphics Component affected versions not specified Description: The issue is related to insufficient input validation in the Windows Graphics Component, which can be exploited by remote attackers to execute arbitrary code on the syste...

CVSS 9.3 · AI score 8 · EPSS 0.02444
Exploits: 0 · References: 6
Prion
added 2022/04/11 7:15 p.m. · 22 views

Improper access control

An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdoor account with admin highest privileges and obtain system control...

CVSS 9 · AI score 6.8 · EPSS 0.0662
Exploits: 2 · References: 2 · Affected Software: 1
Cvelist
added 2022/04/11 6:13 p.m. · 17 views

CVE-2021-37292

An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdoor account with admin highest privileges and obtain system control...

AI score 7.1 · EPSS 0.0662
Exploits: 2 · References: 2
Veracode
added 2022/04/11 4:30 a.m. · 9 views

Malicious Package

aiohttpsocks4/aiohttpsocks5 is a malicious package. It contains malicious EXEs packaged as a large base64 string and imitates a massively popular middleware/proxy connector for aiohttpsocks. As it is installed, it runs automatically and drops more malicious executables with capabilities ranging from...

AI score 3.4
Exploits: 0
NVD
added 2022/04/07 7:15 p.m. · 10 views

CVE-2022-26676

aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service...

CVSS 9.8 · EPSS 0.01271
Exploits: 0 · References: 1
Prion
added 2022/04/07 7:15 p.m. · 18 views

Design/Logic Flaw

aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service...

CVSS 7.5 · AI score 9.7 · EPSS 0.01271
Exploits: 0 · References: 1 · Affected Software: 1