This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability.
Category Archives: Advisories
ZDI-22-1458: GNU Gzip zgrep Argument Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GNU Gzip. Interaction with this script is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
ZDI-22-1457: Linux Kernel nftables Uninitialized Variable Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.
ZDI-22-1456: LibreOffice Exposed Dangerous Function Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of LibreOffice. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-1455: (Pwn2Own) Kepware KEPServerEX Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX. Authentication is not required to exploit this vulnerability.
ZDI-22-1454: (Pwn2Own) Kepware KEPServerEX Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX. Authentication is not required to exploit this vulnerability.
ZDI-22-1453: Delta Industrial Automation DIAEnergie Use Of Hard-Coded Credentials Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Industrial Automation DIAEnergie. Authentication is not required to exploit this vulnerability.
moby-engine-20.10.20-1.fc37
FEDORA-2022-2c33bba286
Packages in this update:
moby-engine-20.10.20-1.fc37
Update description:
Update to 20.10.20.
Mitigates CVE-2022-39253
moby-engine-20.10.20-1.fc36
FEDORA-2022-12790ca71a
Packages in this update:
moby-engine-20.10.20-1.fc36
Update description:
Update to 20.10.20.
Mitigates CVE-2022-39253
Multiple Vulnerabilities in Mozilla Firefox and Firefox ESR Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Mozilla Firefox and Firefox ESR, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.