Security Without Compromise
RSS VULNERABILITIES
  • CVE-2022-42484 January 30, 2023
    An OS command injection vulnerability exists in the httpd logs/view.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.
  • CVE-2022-38451 January 30, 2023
    A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.
  • CVE-2022-2988 January 30, 2023
    A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC(V2.1.0 and prior), EcoStruxure Machine Expert – HVAC(V1.4.0 and prior).
  • CVE-2023-0474 January 30, 2023
    Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. (Chromium security severity: Medium)
  • CVE-2023-0472 January 30, 2023
    Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
  • CVE-2023-0471 January 30, 2023
    Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
  • CVE-2023-0473 January 30, 2023
    Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
  • CVE-2022-46359 January 30, 2023
    Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.
  • CVE-2022-46358 January 30, 2023
    Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.
  • CVE-2022-46357 January 30, 2023
    Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.
  • CVE-2022-46356 January 30, 2023
    Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.
  • CVE-2023-22333 January 30, 2023
    Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.
  • CVE-2023-22332 January 30, 2023
    Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of […]
  • CVE-2023-22322 January 30, 2023
    Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Motion Pro is installed may be disclosed.
  • CVE-2023-22324 January 30, 2023
    SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. As a result, information stored in the database may be obtained.
  • CVE-2023-24622 January 30, 2023
    isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF.
  • CVE-2022-25936 January 30, 2023
    Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable.
  • CVE-2022-25967 January 30, 2023
    Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. **Note:** This is exploitable only for users who are rendering templates with user-defined data.
  • CVE-2023-24623 January 30, 2023
    Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses.
  • CVE-2022-48303 January 30, 2023
    GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.
CONTACT US
info@ipresidium.com
Office: (949) 721-6612
Fax: (866) 205-2904
620 Newport Center Dr. STE 1100
Newport Beach, CA 92660
COPYRIGHT © iPRESIDIUM 2020 | Privacy Policy | Careers