A week in security (March 7 – March 13)
Last week on Malwarebytes Labs: The struggle to reduce bug-fixing time is realUpdate now! Mozilla patches two actively exploited vulnerabilitiesGoogle...
Cisco security advisory-CVE-2022-20703
NAME Cisco - Multiple Platforms Affected:MultipleRisk Level:mediumCVE Type:Out-of-bounds write DESCRIPTION CVE-2022-20703 is an out-of-bounds write vulnerability impacting Cisco Small Business...
Exim security update-CVE-2019-16928
NAME Exim - Exim Platforms Affected:EximRisk Level:mediumCVE Type:Buffer overflow DESCRIPTION CVE-2019-16928 is a buffer overflow vulnerability impacting Exim versions 4.92...
Cisco security advisory-CVE-2022-20701
NAME Cisco - Multiple Platforms Affected:MultipleRisk Level:mediumCVE Type:Out-of-bounds write DESCRIPTION CVE-2022-20701 is an out-of-bounds write vulnerability impacting Cisco Small Business...
Zabbix security update-CVE-2022-23134
NAME Zabbix - Zabbix Platforms Affected:ZabbixRisk Level:mediumCVE Type:Improper authorization DESCRIPTION CVE-2022-23134 is an improper authorization vulnerability impacting Zabbix versions 5.4.0...
Vendor security update-CVE-2018-8581
NAME Microsoft - Exchange Server Platforms Affected:Exchange ServerRisk Level:highCVE Type:Privilege escalation DESCRIPTION CVE-2018-8581 is a privilege escalation vulnerability impacting Microsoft...
Litexmedia Audio Conversion Wizard buffer overflow |
NAME Litexmedia Audio Conversion Wizard buffer overflow Platforms Affected:Litexmedia Audio Conversion Wizard 2.01Risk Level:8.4Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION Litexmedia Audio...
FLEX-1080 Web and FLEX-1085 Web information disclosure |
NAME FLEX-1080 Web and FLEX-1085 Web information disclosure Platforms Affected:TEM Industria Eletronica FLEX-1085 Web 1.6.0 TEM Industria Eletronica FLEX-1080 Web...
Schneider Electric APC Smart-UPS security bypass | CVE-2022-0715
NAME Schneider Electric APC Smart-UPS security bypass Platforms Affected:Schneider Electric SMT Series 1015 UPS 04.5 Schneider Electric SMC Series 1018...
Employee Performance Evaluation System email SQL injection |
NAME Employee Performance Evaluation System email SQL injection Platforms Affected:Sourcecodester Employee Performance Evaluation System 1.0Risk Level:9.8Exploitability:HighConsequences:Data Manipulation DESCRIPTION Employee Performance...
PTC Axeda agent and Axeda Desktop Server security bypass | CVE-2022-25250
NAME PTC Axeda agent and Axeda Desktop Server security bypass Platforms Affected:PTC Axeda agent PTC Axeda Desktop ServerRisk Level:9.8Exploitability:UnprovenConsequences:Bypass Security...
Siemens Mendix Forgot Password Appstore module security bypass | CVE-2022-26313
NAME Siemens Mendix Forgot Password Appstore module security bypass Platforms Affected:Siemens Mendix Forgot Password Appstore module 3.3.0 Siemens Mendix Forgot...
F-Secure products code execution | CVE-2021-44750
NAME F-Secure products code execution Platforms Affected:F-Secure Email and Server Security F-Secure Elements Agent F-Secure MDR F-Secure Client Security F-Secure...
PTC Axeda agent and Axeda Desktop Server code execution | CVE-2022-25247
NAME PTC Axeda agent and Axeda Desktop Server code execution Platforms Affected:PTC Axeda agent PTC Axeda Desktop ServerRisk Level:9.8Exploitability:UnprovenConsequences:Gain Access...
Schneider Electric APC Smart-UPS buffer overflow | CVE-2022-22805
NAME Schneider Electric APC Smart-UPS buffer overflow Platforms Affected:Schneider Electric SMT Series 1015 UPS 04.5 Schneider Electric SMC Series 1018...
Zabbix items.php file upload |
NAME Zabbix items.php file upload Platforms Affected:Zabbix Zabbix 5.0.17Risk Level:8.8Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION Zabbix could allow a remote authenticated...
Printix Secure Cloud Print Management privilege escalation | CVE-2022-25090
NAME Printix Secure Cloud Print Management privilege escalation Platforms Affected:Printix Secure Cloud Print Management 1.3.1035.0Risk Level:7.8Exploitability:Proof of ConceptConsequences:Gain Privileges DESCRIPTION...
PTC Axeda agent and Axeda Desktop Server default account | CVE-2022-25246
NAME PTC Axeda agent and Axeda Desktop Server default account Platforms Affected:PTC Axeda agent PTC Axeda Desktop ServerRisk Level:9.8Exploitability:UnprovenConsequences:Gain Access...
UltraVNC privilege escalation | CVE-2022-24750
NAME UltraVNC privilege escalation Platforms Affected:UltraVNC UltraVNC 1.3.7.0Risk Level:8.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION UltraVNC could allow a local authenticated attacker to gain...
Google Android privilege escalation | CVE-2021-39708
NAME Google Android privilege escalation Platforms Affected:Google Android 12Risk Level:9.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION Google Android could allow a remote attacker to...
Node.js @advanced-rest-client/base module privilege escalation |
NAME Node.js @advanced-rest-client/base module privilege escalation Platforms Affected:Node.js @advanced-rest-client/base 0.1.9Risk Level:8.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION Node.js @advanced-rest-client/base module could allow a remote...
Schneider Electric APC Smart-UPS security bypass | CVE-2022-22806
NAME Schneider Electric APC Smart-UPS security bypass Platforms Affected:Schneider Electric SMT Series 1015 UPS 04.5 Schneider Electric SMC Series 1018...
NETGEAR DGND3700 security bypass |
NAME NETGEAR DGND3700 security bypass Platforms Affected:NETGEAR DGND3700v2Risk Level:9.1Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION NETGEAR DGND3700 could allow a remote attacker to bypass...
NEC UNIVERGE WA series command execution | CVE-2022-25621
NAME NEC UNIVERGE WA series command execution Platforms Affected:NEC UNIVERGE WA series 8.2.11 NEC UNIVERGE WA series 8.2.7Risk Level:8.8Exploitability:UnprovenConsequences:Gain Access...
