Security Vulnerabilities Notification

31 May 2022 12:33
Dear Creodias Users,

In the Security section, customers will find information about the latest and most critical security vulnerabilities, published in the last month by the SANS Institute (www.sans.org). Security vulnerabilities in software and hardware are very often used by cybercriminals to attack IT infrastructure and steal or destroy a company's data. That is why companies are advised to fix those vulnerabilities as soon as possible.
 
ID: CVE-2022-30525
Title: OS command injection vulnerability in Zyxel Firewall
Description: Zyxel Communications Corp. is a manufacturer of DSL and other networking devices.
A command injection vulnerability in the CGI program of some firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.
 
ID: CVE-2022-22796
Title: Improper authentication vulnerability in SysAid wmiwizard.jsp
Description: An attacker can bypass the authentication process by accessing /wmiwizard.jsp, then /ConcurrentLogin.jsp, and then clicking the login button, which redirects to /home.jsp without any authentication.
 
ID: CVE-2022-29303
Title: Command injection vulnerability in SolarView Compact conf_mail.php
Description: SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.
 
ID: CVE-2021-44056
Title: Improper authentication vulnerability in QNAP Video Station
Description: An improper authentication vulnerability has been reported to affect QNAP devices running Video Station. Successful exploitation of this vulnerability allows attackers to compromise the security of the system.
 
ID: CVE-2022-1292
Title: Arbitrary command execution vulnerability in c_rehash scripts
Description: The c_rehash script does not properly sanitize shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. An attacker could execute arbitrary commands with the privileges of the script on such operating systems. The c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command-line tool.
 
ID: CVE-2022-1388
Title: Remote Code Execution Vulnerability in F5 BIG-IP iControl REST
Description: On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
 
ID: CVE-2022-24706
Title: Elevation of privilege vulnerability in Apache CouchDB
Description: In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
 
ID: CVE-2022-22954
Title: Remote code execution vulnerability in VMware Workspace ONE Access and Identity Manager
Description: VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
 
 