CVE-2022-0910

Improper Authentication (CWE-287)

Published: May 24, 2022 / Updated: 30mo ago

Multiple improper input validation flaws were identified in some CLI commands of some firewall, AP controller, and AP versions that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload. A command injection vulnerability in the "packet-trace" CLI command of some firewall, AP controller, and AP versions could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the command.

apple — macos_monterey_and_masos_big_sur An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges. 2022-05-26 not yet calculated CVE-2022-26718 MISC MISC cisco — common_services_platform_collector_software Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-27 not yet calculated CVE-2022-20670 CISCO phpgurukul — zoo_managment_system A vulnerability classified as problematic has been found in Zoo Management System 1.0. Affected is an unknown function of the file admin/manage-ticket.php. The manipulation with the input alert(1) leads to cross site scripting.

Refresh 2022-09-13T15:24:53.003Z (Image credit: Shutterstock) New Linux malware found targeting endpoints of all types A brand new malware, targeting Linux devices, was recently discovered. Dubbed Shikitega, by researchers from AT&T Alien Labs that first discovered it, the malware can do all sorts of things, from controlling the webcam on the... The post Security update live blog – WeTransfer abused, Linux malware lurking #linux #linuxsecurity appeared first on NATIONAL CYBER SECURITY NEWS TODAY .

CVE-2022-26532: Certain firewall, AP controller, and AP versions contain the 'packet-trace' CLI command that contains a command injection vulnerability that might allow a local, authorized attacker to execute arbitrary OS instructions by providing specially crafted inputs to the function. This revelation follows Zyxel's July patching of the CVE-2022-30526 and CVE-2022-2030 vulnerabilities impacting its firewall products, which affect local root access and authenticated directory traverse.

Networking device maker Zyxel is warning customers today of a new critical remote code execution (RCE) vulnerability impacting three models of its Networked Attached Storage (NAS) products. “A format string vulnerability was found in a specific binary of Zyxel NAS products that could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.”

“A format string vulnerability was found in a specific binary of Zyxel NAS products that could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.” Networking equipment vendor Zyxel addressed a critical vulnerability impacting its network-attached storage (NAS) devices.

Zyxel addressed a critical vulnerability, tracked as CVE-2022-34747, impacting its network-attached storage (NAS) devices. Networking equipment vendor Zyxel addressed a critical vulnerability impacting its network-attached storage (NAS) devices.