Sonatype detects over 245,000 malicious packages
Yearly Archives: 2023
CVE-2022-47893
There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, which could allow them to execute arbitrary code as root.
CVE-2022-47892
All versions of NetMan 204 could allow an unauthenticated remote attacker to read a file (config.cgi) containing sensitive information, like credentials.
CVE-2022-47891
All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function.
Half of Cybersecurity Professionals Report Increase in Cyber-Attacks
New research by ISACA has found that the cybersecurity skills gap is contributing to businesses’ cybersecurity preparedness
CVE-2023-0828
Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora FMS allows an attacker to cause a user's cookie value to be transferred to the attacker's server. This issue affects Pandora FMS v767 and prior versions on all platforms.
CVE-2022-46841
Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Builder plugin <= 4.4 versions.
Hacking Gas Pumps via Bluetooth
Turns out pumps at gas stations are controlled via Bluetooth, and that the connections are insecure. No details in the article, but it seems that it’s easy to take control of the pump and have it dispense gas without requiring payment.
It’s a complicated crime to monetize, though. You need to sell access to the gas pump to others.
oneVPL-2023.3.1-1.fc38 oneVPL-intel-gpu-23.3.4-2.fc38
FEDORA-2023-b6aab4f954
Packages in this update:
oneVPL-2023.3.1-1.fc38
oneVPL-intel-gpu-23.3.4-2.fc38
Update description:
Update oneVPL and oneVPL-intel-gpu to latest releases. Fixes CVE-2023-22338 and CVE-2023-22840. No ABI changes.
oneVPL-2023.3.1-1.fc37 oneVPL-intel-gpu-23.3.4-2.fc37
FEDORA-2023-760e5eb2c6
Packages in this update:
oneVPL-2023.3.1-1.fc37
oneVPL-intel-gpu-23.3.4-2.fc37
Update description:
Update oneVPL and oneVPL-intel-gpu to latest releases. Fixes CVE-2023-22338 and CVE-2023-22840. No ABI changes.