Security Vulnerabilities Notification
30 June 2022 8:55
Dear Creodias Users,

In the Security section customers will find information about the latest and most critical security vulnerabilities, published in the last month by the SANS Institute. Security vulnerabilities in software and hardware are very often used by cybercriminals to attack IT infrastructure and steal or destroy a company's data, which is why companies are advised to fix those vulnerabilities as soon as possible.

ID: CVE-2022-23657, CVE-2022-23658, CVE-2022-23660
Title: Arbitrary code execution vulnerability in Aruba ClearPass Policy Manager
Description: Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities allows an attacker to execute arbitrary commands as root on the underlying operating system, leading to complete system compromise.

ID: CVE-2022-1292
Title: Command injection vulnerability in OpenSSL
Description: The c_rehash script does not properly sanitize shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. The use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command-line tool. The vulnerability is fixed in OpenSSL 3.0.3, OpenSSL 1.1.1o, and OpenSSL 1.0.2ze.
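As an added example (not part of the Creodias notification), a Python helper that compares an `openssl version` string against the three fixed releases named above for CVE-2022-1292; the version-parsing rules and the sample strings are assumptions of this example, not taken from the page.

```python
import re

# Fixed releases named in the notification for CVE-2022-1292 (c_rehash command injection).
FIXED_VERSIONS = ("3.0.3", "1.1.1o", "1.0.2ze")

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text):
    """Turn 'OpenSSL 1.1.1n  15 Mar 2022' (or a bare '1.0.2ze') into a comparable tuple.

    OpenSSL 1.x patch releases carry a letter suffix that sorts first by length,
    then alphabetically: '' < 'a' < ... < 'z' < 'za' < 'zb' ...  OpenSSL 3.x uses
    plain numbers and has no suffix.  (Parsing rules assumed from OpenSSL's scheme.)
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"not an OpenSSL version string: {text!r}")
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    suffix = m.group(4)
    return (major, minor, patch, len(suffix), suffix)


def branch_of(version):
    """Release branch: 3.x branches are major.minor, 1.x branches are major.minor.patch."""
    return version[:2] if version[0] >= 3 else version[:3]


def fixed_release_for(version):
    """The fixed release on the same branch, or None if the advisory names none for it."""
    for fixed in FIXED_VERSIONS:
        if branch_of(parse_openssl_version(fixed)) == branch_of(version):
            return fixed
    return None


def is_affected_cve_2022_1292(version_text):
    """True if the version predates its branch's fix, False if at/after it,
    None if the branch is not covered by the advisory (unknown, not 'safe')."""
    version = parse_openssl_version(version_text)
    fixed = fixed_release_for(version)
    if fixed is None:
        return None
    return version < parse_openssl_version(fixed)


if __name__ == "__main__":
    # Constructed sample outputs of `openssl version`, not taken from any real host.
    for sample in ("OpenSSL 1.1.1n  15 Mar 2022", "OpenSSL 1.1.1o  3 May 2022",
                   "OpenSSL 1.0.2u  20 Dec 2019", "OpenSSL 3.0.2 15 Mar 2022",
                   "OpenSSL 1.1.0l  10 Sep 2019"):
        print(f"{sample:30} affected={is_affected_cve_2022_1292(sample)}")
```

A distribution that backports the fix while keeping the upstream version number will still be reported as affected here, so confirm against the package changelog before acting on the result.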

ID: CVE-2021-34111
Title: Command injection vulnerability in Thecus N4800Eco NAS Server Control Panel
Description: Thecus 4800Eco was discovered to contain a command injection vulnerability via the username parameter in /adm/setmain.php.

ID: CVE-2021-34079
Title: OS Command injection vulnerability in Mintzo Docker-Tester
Description: docker-tester is a package that starts a testing environment from a docker-compose file and verifies it is up before running tests. Affected versions of this package are vulnerable to Command Injection via shell meta-characters in the 'ports' entry of a crafted docker-compose.yml file.

ID: CVE-2021-34080
Title: OS Command Injection vulnerability in es128 ssl-utils
Description: ssl-utils is a Node.js utility for SSL certificates using OpenSSL (generating, verifying, etc.). Affected versions of this package are vulnerable to Remote Code Execution (RCE) via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions.

ID: CVE-2022-29797
Title: Buffer Overflow vulnerability in Huawei CV81-WDM FW
Description: Because of improper bounds checking, the Huawei CV81-WDM FW is vulnerable to buffer overflow. A remote attacker might overflow a buffer and gain elevated access to the system by sending a carefully crafted request.