
2333 matches found

Positive Technologies
added 2022/12/27 12:0 a.m. · 3 views

PT-2022-6229 · Omron · Omron Cp1L-El20Dr-D

Name of the Vulnerable Software and Affected Versions: OMRON CP1L-EL20DR-D all versions
Description: The issue is related to the implementation of the Factory Interface Network Service (FINS) protocol in the OMRON CP1L-EL20DR-D programmable logic controller's firmware, specifically due to...

9.8 CVSS · 8.5 AI score · 0.03046 EPSS
Exploits 0 · References 7

Positive Technologies
added 2022/12/27 12:0 a.m. · 3 views

PT-2022-27510 · Dahua · Dahua Software Products

Name of the Vulnerable Software and Affected Versions: Dahua software products affected versions not specified
Description: The issue concerns sensitive information leakage in some Dahua software products. An attacker, after obtaining administrator permissions, can send a crafted packet to a...

2.7 CVSS · 3.3 AI score · 0.00081 EPSS
Exploits 0 · References 5

The Hacker News
added 2022/12/26 12:27 p.m. · 72 views

GuLoader Malware Utilizing New Techniques to Evade Security Software

Cybersecurity researchers have exposed a wide variety of techniques adopted by an advanced malware downloader called GuLoader to evade security software. "New shellcode anti-analysis technique attempts to thwart researchers and hostile environments by scanning entire process memory for any virtua...

1.8 AI score
Exploits 0

OSV
added 2022/12/26 6:15 a.m. · 1 views

CVE-2021-35954

fastrack Reflex 2.0 W307SREFLEXv90.89 Activity Tracker allows physically proximate attackers to dump the firmware, flash custom malicious firmware, and brick the device via the Serial Wire Debug (SWD) feature...

8.1 CVSS · 5.8 AI score · 0.00095 EPSS
Exploits 0 · References 2

CNNVD
added 2022/12/26 12:0 a.m. · 1 views

fastrack Reflex security vulnerability

The fastrack Reflex is a smart wearable device from fastrack. A security vulnerability exists in fastrack Reflex version 2.0 W307SREFLEXv90.89, which stems from a vulnerability that could allow a physically proximate attacker to dump the firmware, flash customized malicious firmware, and brick th...

8.1 CVSS · 7.7 AI score · 0.00095 EPSS
Exploits 0 · References 3

Prion
added 2022/12/20 8:15 p.m. · 9 views

Hardcoded credentials

ghinstallation provides transport, which implements http.RoundTripper to provide authentication as an installation for GitHub Apps. In ghinstallation version 1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. The request...

1 CVSS · 4.9 AI score · 0.00027 EPSS
Exploits 1 · References 4 · Affected Software 1

Cvelist
added 2022/12/20 7:52 p.m. · 11 views

CVE-2022-39304 ghinstallation returns app JWT in error responses

ghinstallation provides transport, which implements http.RoundTripper to provide authentication as an installation for GitHub Apps. In ghinstallation version 1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. The request...

5 CVSS · 5.5 AI score · 0.00027 EPSS
Exploits 1 · References 4

OSV
added 2022/12/19 10:48 p.m. · 15 views

GHSA-H4Q8-96P6-JCGR ghinstallation returns app JWT in error responses

Impact: In ghinstallation v1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. https://github.com/bradleyfalzon/ghinstallation/blob/24e56b3fb7669f209134a01eff731d7e2ef72a5c/transport.go#L172-L174 The request contained the beare...

5 CVSS · 4.7 AI score · 0.00027 EPSS
Exploits 1 · References 8

Positive Technologies
added 2022/12/16 12:0 a.m. · 8 views

PT-2022-17940 · Pax Technology · Paydroid +1

Name of the Vulnerable Software and Affected Versions: PAX A930 device with PayDroid versions 7.1.1 Virgo V04.3.26T1 20210419 through 7.1.1 Virgo V04.4.02 20211201
Description: The issue allows an unauthorized attacker to perform privileged actions through the execution of specific binaries liste...

6.8 CVSS · 7.1 AI score · 0.00104 EPSS
Exploits 0 · References 7

Tenable Nessus
added 2022/12/15 12:0 a.m. · 44 views

Zoom Client for Meetings 5.10.6 < 5.12.0 Vulnerability (ZSB-22023)

The version of Zoom Client for Meetings installed on the remote host is between 5.10.6 and 5.12.0. It is, therefore, affected by a vulnerability as referenced in the ZSB-22023 advisory. - Zoom Client for Meetings for macOS Standard and for IT Admin starting with 5.10.6 and prior to 5.12.0 contain...

7.8 CVSS · 7.4 AI score · 0.00176 EPSS
Exploits 0 · References 2

CNNVD
added 2022/12/13 12:0 a.m. · 1 views

Secomea SiteManager security vulnerability

Secomea SiteManager is a software application from Secomea, Denmark. It provides a remote maintenance function for industrial equipment. A security vulnerability exists in Secomea SiteManager that stems from a debugging tool that allows logged-in administrators to modify the system state in an...

6.5 CVSS · 6.6 AI score · 0.0031 EPSS
Exploits 0 · References 2

Veracode
added 2022/12/01 4:41 a.m. · 37 views

Information Disclosure

github.com/grafana/synthetic-monitoring-agent is vulnerable to information disclosure. The vulnerability exists in multiple functions due to the default installation of synthetic-monitoring-agent, which allows an attacker to communicate with the Synthetic Monitoring API via a debugging endpoint...

7.2 CVSS · 5.6 AI score · 0.00381 EPSS
Exploits 0 · References 7 · Affected Software 1

NVD
added 2022/11/30 10:15 p.m. · 16 views

CVE-2022-46156

The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token...

7.2 CVSS · 0.00381 EPSS
Exploits 0 · References 6

CVE
added 2022/11/30 12:0 a.m. · 81 views

CVE-2022-46156

CVE-2022-46156 : Grafana’s Synthetic Monitoring Agent (pre-0.12.0) exposes an authentication token via a debugging endpoint, enabling retrieval of user checks bound to that token. Access does not guarantee checks due to API denying connections from already-connected agents, but token exposure sti...

7.2 CVSS · 5.6 AI score · 0.00381 EPSS
Exploits 0 · References 6 · Affected Software 1

Positive Technologies
added 2022/11/30 12:0 a.m. · 2 views

PT-2022-27773 · Grafana · Synthetic Monitoring Agent For Grafana

Name of the Vulnerable Software and Affected Versions: Synthetic Monitoring Agent for Grafana versions prior to 0.12.0
Description: The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets...

7.2 CVSS · 9.6 AI score · 0.00381 EPSS
Exploits 0 · References 14

Cvelist
added 2022/11/30 12:0 a.m. · 22 views

CVE-2022-46156 Grafana's default installation of `synthetic-monitoring-agent` exposes sensitive information

The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token...

7.2 CVSS · 7.5 AI score · 0.00381 EPSS
Exploits 0 · References 6

RedHat Linux
added 2022/11/29 2:5 p.m. · 42 views

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

7.8 CVSS · 6.5 AI score · 0.0002 EPSS
Exploits 1 · References 2

Broadcom
added 2022/11/08 12:0 a.m. · 28 views

CVE-2022-43936: Switch passwords in logs

Brocade SANnav versions before v2.2.2 improperly expose Brocade Fabric OS switch password when debugging is turned on. A local or remote authenticated privileged user with access to logs may gain switch users' passwords. Products Affected Brocade SANnav versions before v2.2.2 Products Confirmed N...

6.8 CVSS · 2 AI score · 0.00197 EPSS
Exploits 0

Prion
added 2022/11/03 4:15 p.m. · 17 views

Design/Logic Flaw

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Connected users may gain access to debug panel through the GLPI update script. This issue has been...

4 CVSS · 4.8 AI score · 0.00162 EPSS
Exploits 0 · References 1 · Affected Software 1

GithubExploit
added 2022/10/30 11:32 p.m. · 52 views

Exploit for Out-of-bounds Write in Openssl

CVE-2022-3602 What is this? This document and repository...

7.5 CVSS · 8.5 AI score · 0.83506 EPSS
Exploits 6