It was discovered that Twisted incorrectly filtered HTTP headers when clients
are being redirected to another origin. A remote attacker could use this issue
to obtain sensitive information. (CVE-2022-21712)
It was discovered that Twisted incorrectly processed SSH handshake data on
connection establishments. A remote attacker could use this issue to cause
Twisted to crash, resulting in a denial of service. (CVE-2022-21716)
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.
Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated.
Shodan is a search engine for everything on the internet — web cams, water treatment facilities, yachts, medical devices, traffic lights, wind turbines, license plate readers, smart TVs, refrigerators, anything and everything you could possibly imagine that’s plugged into the internet (and often shouldn’t be). Google and other search engines, by comparison, index only the web.
The best way to understand what Shodan does is to read founder John Matherly’s book on the subject. The basic algorithm is short and sweet:
1. Generate a random IPv4 address 2. Generate a random port to test from the list of ports that Shodan understands 3. Check the random IPv4 address on the random port and grab a banner 4. Goto 1
