This vulnerability allows remote attackers to disclose sensitive information on affected installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Category Archives: Advisories
ZDI-22-584: Rockwell Automation Connected Components Workbench ccwsln File Parsing XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Post Title
A vulnerability has been discovered in Google Chrome that could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data.
CVE-2020-28062
An Access Control vulnerability exists in HisiPHP 2.0.11 via special packets that are constructed in $files = Dir::getList($decompath. ‘/ Upload/Plugins /, which could let a remote malicious user execute arbitrary code.
Post Title
A vulnerability has been discovered in Trend Micro Apex Central which could allow for arbitrary file upload. Trend Micro Apex Central is a web-based console that provides centralized management for Trend Micro products and services at the gateway, mail server, file server, and corporate desktop levels. Successful exploitation of this vulnerability could result in arbitrary file upload which could allow a remote attacker to execute arbitrary code. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.
Post Title
A vulnerability has been discovered in versions of Zyxel Firewall’s CGI program which could allow for authentication bypass. Zyxel Firewall is a next generation firewall product which enables users to manage, detect and respond to threats on the network. Successful exploitation of this vulnerability could allow an attacker to bypass authentication and obtain administrative access to the device. Malicious actors with administrative access may be able to view, change, or delete sensitive data.
containerd-1.6.2-1.fc36
FEDORA-2022-eda0049dd7
Packages in this update:
containerd-1.6.2-1.fc36
Update description:
Update to 1.6.2 (rhbz#2068277). Mitigates CVE-2022-24769 / GHSA-c9cp-9c75-9v8c.
containerd-1.6.2-2.fc34
FEDORA-2022-ed53f2439a
Packages in this update:
containerd-1.6.2-2.fc34
Update description:
Update to 1.6.2 (rhbz#2068277). Mitigates CVE-2022-24769 / GHSA-c9cp-9c75-9v8c.
containerd-1.6.2-1.fc35
FEDORA-2022-e9a09c1a7d
Packages in this update:
containerd-1.6.2-1.fc35
Update description:
Update to 1.6.2 (rhbz#2068277). Mitigates CVE-2022-24769 / GHSA-c9cp-9c75-9v8c.
fish-3.4.1-1.fc36
FEDORA-2022-443c5ec2dd
Packages in this update:
fish-3.4.1-1.fc36
Update description:
Update to 3.4.1