Aggregator

A vulnerability was found in Hasura GraphQL Engine up to 2.15.1. It has been rated as critical. This issue affects some unknown processing of the component Update Many API Handler. The manipulation leads to improper authorization. The identification of this vulnerability is CVE-2022-46792. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Aruba AirWave Management Platform up to 8.2.15.0. This affects an unknown part of the component Web-based Management Interface. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2022-37916. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Aruba AirWave Management Platform up to 8.2.15.0 and classified as critical. This vulnerability affects unknown code of the component Web-based Management Interface. The manipulation leads to improper access controls. This vulnerability was named CVE-2022-37917. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Aruba AirWave Management Platform up to 8.2.15.0 and classified as critical. This issue affects some unknown processing of the component Web-based Management Interface. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2022-37918. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in OpenShift. This issue affects some unknown processing of the component Response Header Handler. The manipulation leads to improper restriction of rendered ui layers. The identification of this vulnerability is CVE-2022-3260. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in OpenShift. Affected is an unknown function of the component DNSPolicy Handler. The manipulation leads to insecure default variable initialization. This vulnerability is traded as CVE-2022-3262. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as critical has been found in Tenda A18 15.13.07.09. This affects an unknown part of the file /goform/WifiBasicSet. The manipulation of the argument security_5g leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2022-44931. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability classified as critical was found in Tenda W6-S 1.0.0.4. This vulnerability affects the function tpi_get_ping_output of the file /goform/exeCommand. The manipulation leads to command injection. This vulnerability was named CVE-2022-45497. The attack can only be done within the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Tenda W6-S 1.0.0.4. This issue affects some unknown processing of the file /goform/WifiMacFilterGet. The manipulation of the argument wl_radio leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2022-45499. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as critical, was found in Tenda W6-S 1.0.0.4. Affected is an unknown function of the file /goform/wifiSSIDset. The manipulation of the argument wl_radio leads to stack-based buffer overflow. This vulnerability is traded as CVE-2022-45501. The attack needs to be done within the local network. There is no exploit available.

A vulnerability has been found in Tenda W6-S 1.0.0.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setAutoPing. The manipulation of the argument linkEn leads to stack-based buffer overflow. This vulnerability is known as CVE-2022-45503. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in Tenda A18 15.13.07.09. It has been classified as critical. Affected is an unknown function of the component Telnet Service. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2022-44932. Access to the local network is required for this attack. There is no exploit available.

A vulnerability was found in Tenda W6-S 1.0.0.4. It has been declared as problematic. Affected by this vulnerability is the function tpi_systool_handle of the file /goform/SysToolReboot. The manipulation leads to denial of service. This vulnerability is known as CVE-2022-45498. Access to the local network is required for this attack to succeed. There is no exploit available.

Как конклав защищается от утечек информации о выборах.

i-PRO株式会社が提供する複数のi-PRO設定ツールには、ハードコードされた暗号鍵の使用の脆弱性が存在します。

HackerNews 编译，转载请注明出处： 加利福尼亚州非营利健康保险机构蓝盾（Blue Shield of California）近日声明，因Google分析与广告平台配置错误导致470万会员的受保护健康信息泄露。该机构服务全州近600万会员，其官网发布的通报显示数据泄露时间为2021年4月至2024年1月。 美国卫生与公众服务部数据泄露门户网站更新信息证实，此次事件影响470万人的敏感健康数据。蓝盾表示，泄露源于部分官网Google Analytics配置错误，可能导致数据被共享至Google广告平台及第三方广告商。 官方声明指出：“2025年2月11日发现，2021年4月至2024年1月期间，Google Analytics配置允许将含受保护健康信息的会员数据共享至Google广告产品。Google可能利用这些数据对受影响会员实施精准广告投放。” 暴露数据类型包括： 保险计划名称、类型及团体编号 所在城市与邮政编码 性别与家庭规模 蓝盾会员账户识别码 医疗索赔服务日期、服务商名称、患者姓名及自付费用 “寻找医生”功能搜索条件与结果（含位置、计划信息、医疗提供方信息） 蓝盾强调社会安全号、驾照号、银行账户及信用卡信息未受影响，但仍建议会员密切监控账户动态与信用报告。目前机构未提供身份盗窃保护服务，尚不清楚是否会向受影响会员寄送个别通知。 这是加州蓝盾一年内披露的第二起重大网络安全事件。2024年该机构软件服务商Connexure（原Young Consulting）遭BlackSuit勒索软件组织入侵，导致近百万会员数据被盗。     消息来源：Bleeping Computer； 本文由 HackerNews.cc 翻译整理，封面来源于网络；  转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability classified as critical was found in Dozer. Affected by this vulnerability is an unknown functionality of the component Type Conversion. The manipulation as part of Serialized Object leads to deserialization. This vulnerability is known as CVE-2014-9515. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in Adobe Acrobat Reader up to 2015.006.30417/2017.011.30079/2018.011.20038. This issue affects some unknown processing of the component NTLM SSO Hash Handler. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2018-4993. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Joomla CMS 3.7.0. Affected is an unknown function. The manipulation leads to sql injection. This vulnerability is traded as CVE-2017-8917. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in systemd up to v233. This issue affects some unknown processing of the component Username Handler. The manipulation with the input 0example leads to improper privilege management. The identification of this vulnerability is CVE-2017-1000082. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to change the configuration settings.