Security Vulnerabilities Notification

31 March 2022 1:10
Dear Creodias Users,
In the Security section, customers will find information about the latest and most critical security vulnerabilities published in the last month by the SANS Institute (www.sans.org). Security vulnerabilities in software and hardware are very often used by cybercriminals to attack IT infrastructure and steal or destroy a company's data, which is why companies are advised to fix those vulnerabilities as soon as possible.
ID: CVE-2021-43049
Title: Information disclosure vulnerability in TIBCO BusinessConnect Container Edition
Description: The Database component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain the usernames and passwords of users of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below.
 
ID: CVE-2022-20708
Title: Code Execution Vulnerability in Cisco Small Business Routers
Description: Cisco RV340 routers are impacted by this vulnerability. An attacker might take advantage of this flaw to execute code in the context of root. Although authentication is necessary to exploit this flaw, the current authentication system can be bypassed. The problem arises from the failure to properly validate a user-supplied string before utilizing it to call a system function.
 
ID: CVE-2022-0841
Title: OS Command injection in npm-lockfile
Description: npm-lockfile before 2.0.4 does not sanitize unsafe external input and invokes a sensitive command execution API with that input, causing a command injection vulnerability.
 
ID: CVE-2022-0845
Title: Code Injection in PyTorch Lightning
Description: PyTorch Lightning version 1.5.10 and prior is vulnerable to code injection. There is currently a patch available, anticipated to be part of the 1.6.0 release.
 
ID: CVE-2022-0848
Title: OS Command Injection in GitHub repository part-db/part-db
Description: OS command injection (also known as shell injection) is a web security vulnerability that allows an attacker to execute an arbitrary OS command on the server that is running an application, and typically fully compromise the application and all its data.
 