VU#495801: muhttpd versions 1.1.5 and earlier are vulnerable to path traversal
Overview
Versions 1.1.5 and earlier of the mu HTTP deamon (muhttpd) are vulnerable to path traversal...
VU#142546: SMA Technologies OpCon UNIX agent adds the same SSH key to all installations
Overview
SMA Technologies OpCon UNIX agent adds the same SSH key on every installation and subsequent...
VU#473698: CVE-2022-30295 – uClibc, uClibc-ng Libraries Have Monotonically Increasing DNS Transaction ID
Overview
The uClibc and uClibc-ng libraries are vulnerable to DNS cache poisoning due to the use...
VU#730007: Tychon is vulnerable to privilege escalation due to OPENSSLDIR location
Overview
Tychon contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that...
VU#411271: Qt allows for privilege escalation due to hard-coding of qt_prfxpath value
Overview
Prior to version 5.14, Qt hard-codes the qt_prfxpath value to a fixed value, which may...
VU#970766: Spring Framework insecurely handles PropertyDescriptor objects with data binding
Overview
The Spring Framework insecurely handles PropertyDescriptor objects, which may allow a remote, unauthenticated attacker to...
VU#383864: Visual Voice Mail (VVM) services transmit unencrypted credentials via SMS
Overview
Visual Voice Mail (VVM) services transmit unencrypted credentials via SMS. An attacker with the ability...
VU#229438: Mobile device monitoring services do not authenticate API requests
Overview
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or...
VU#796611: InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM
Overview
The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in...
VU#119678: Samba vfs_fruit module insecurely handles extended file attributes
Overview
The Samba vfs_fruit module allows out-of-bounds heap read and write via extended file attributes (CVE-2021-44142)....
VU#287178: McAfee Agent for Windows is vulnerable to privilege escalation due to OPENSSLDIR location
Overview
McAfee Agent contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable...
VU#142629: Silicon Labs Z-Wave chipsets contain multiple vulnerabilities
Overview
Various Silicon Labs Z-Wave chipsets do not support encryption, can be downgraded to not use...
VU#692873: Saviynt Enterprise Identity Cloud vulnerable to local user enumeration and authentication bypass
Overview
Saviynt Enterprise Identity Cloud contains user enumeration and authentication bypass vulnerabilities in the local password...
VU#930724: Apache Log4j allows insecure JNDI lookups
Overview
Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute...
VU#999008: Compilers permit Unicode control and homoglyph characters
Overview
Attacks that allow for unintended control of Unicode and homoglyphic characters, described by the researchers...
Phishers who breached Twilio and fooled Cloudflare could easily get you, too
Enlarge (credit: Getty Images)
At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not...
Microsoft Patch Tuesday, August 2022 Edition
Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows....
One of 5G's Biggest Features Is a Security Minefield
New research found troubling vulnerabilities in the 5G platforms carriers offer to wrangle embedded device data.
Patch Tuesday: Yet another Microsoft RCE bug under active exploit
Oh, and that critical VMware auth bypass vuln? Miscreants found it, too August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too. …
