at.crea-doo.util.toughswitch:toughswitch (>=1.0.0 <=1.0.2), au.com.versent.jenkins.plugins:ignore-committer-strategy (>=29.v7c3891a_434c3 <=57.v0756db_b_f6926) +2505 more potentially affected by CVE-2022-45047 via org.apache.sshd:sshd-core (>=0.1.0 <=2.9.1)

org.apache.sshd:sshd-core MAVEN version =0.1.0, =1.0.0, =29.v7c3891a434c3, =3.3.0, =1.1.0, =0.5.4, =0.8.0, =0.0.1-9045f42e1634ad6f74edf826b9c7c61d1a495a38, =0.8.0, =0.11, =3.0.0, =3.0.1 and more Source cves: CVE-2022-45047 Source advisory: OSV:GHSA-FHW8-8J55-VWGQ...

Ubiquiti Inc.: Authenticated RCE in ToughSwitch

In ToughSwitch v1.3.5 and prior, due to lack of validation is possible to execute an CSRF. If an authenticated user access an attacker controlled web page, it could trigger the CSRF and the resulting request could trigger an RCE. An RCE vulnerability existed in the ToughSwitch that could be...

Ubiquiti Network Gear Targeted By Worm

ISP equipment maker Ubiquiti Networks is fending off a stubborn worm targeting its networking equipment running outdated AirOS firmware. According to security experts, the worm is already being blamed for crippling networking gear in the Argentina, Brazil, Spain and the United States. Ubiquiti...