F5 BIG-IP command execution | CVE-2022-28695
NAME F5 BIG-IP command execution Platforms Affected:F5 BIG-IP 13.1.0 F5 BIG-IP 14.1.0 F5 BIG-IP 15.1.0 F5 BIG-IP 14.1.4 F5 BIG-IP...
Month: May 2022
Fortinet FortiIsolator weak security | CVE-2021-41020
NAME Fortinet FortiIsolator weak security Platforms Affected:Fortinet FortiIsolator 2.3.2Risk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Fortinet FortiIsolator could provide weaker than expected security,...
Node.js hl7.fhir.r3.core module code execution |
NAME Node.js hl7.fhir.r3.core module code execution Platforms Affected:Node.js hl7.fhir.r3.coreRisk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js hl7.fhir.r3.core module could allow a remote attacker...
F5 BIG-IP (Advanced WAF, APM, ASM) and Guided Configuration (GC) security bypass | CVE-2022-25946
NAME F5 BIG-IP (Advanced WAF, APM, ASM) and Guided Configuration (GC) security bypass Platforms Affected:F5 BIG-IP (APM) 14.1.0 F5 BIG-IP...
F5 BIG-IP (AFM, CGNAT, PEM) cross-site scripting | CVE-2022-28716
NAME F5 BIG-IP (AFM, CGNAT, PEM) cross-site scripting Platforms Affected:F5 BIG-IP (AFM) 15.1.0 F5 BIG-IP (PEM) 15.1.0 F5 BIG-IP (PEM)...
Johnson Controls Metasys security bypass | CVE-2022-21934
NAME Johnson Controls Metasys security bypass Platforms Affected:Johnson Controls Metasys 10 Johnson Controls Metasys 11Risk Level:8Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION Johnson Controls...
Node.js nodejs-gcloud-pubsub-module module code execution |
NAME Node.js nodejs-gcloud-pubsub-module module code execution Platforms Affected:Node.js nodejs-gcloud-pubsub-moduleRisk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js nodejs-gcloud-pubsub-module module could allow a remote attacker...
Node.js onboarding-setup-guide module code execution |
NAME Node.js onboarding-setup-guide module code execution Platforms Affected:Node.js onboarding-setup-guideRisk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js onboarding-setup-guide module could allow a remote attacker...
Node.js realtime-react module code execution |
NAME Node.js realtime-react module code execution Platforms Affected:Node.js realtime-reactRisk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js realtime-react module could allow a remote attacker...
Node.js atsorare-marketplace/components module code execution |
NAME Node.js atsorare-marketplace/components module code execution Platforms Affected:Node.js @sorare-marketplace/componentsRisk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js atsorare-marketplace/components module could allow a remote attacker...
Node.js ui-extensions-server-kit module code execution |
NAME Node.js ui-extensions-server-kit module code execution Platforms Affected:Node.js ui-extensions-server-kitRisk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js ui-extensions-server-kit module could allow a remote attacker...
Node.js ctct-theme module code execution |
NAME Node.js ctct-theme module code execution Platforms Affected:Node.js ctct-themeRisk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js ctct-theme module could allow a remote attacker...
python-libnmap package for Python command execution | CVE-2022-30284
NAME python-libnmap package for Python command execution Platforms Affected:Python python-libnmap 0.7.2Risk Level:9Exploitability:UnprovenConsequences:Gain Access DESCRIPTION python-libnmap package for Python could allow...
Tenda HG6 formPing command execution |
NAME Tenda HG6 formPing command execution Platforms Affected:Tenda HG6 3.3.0Risk Level:8.8Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION Tenda HG6 could allow a...
Talend Administration Center privilege escalation | CVE-2022-29943
NAME Talend Administration Center privilege escalation Platforms Affected:Talend Talend Administration Center 8.0.0 Talend Talend Administration Center 7.3.0 Talend Talend Administration...
Node.js af-mason module code execution |
NAME Node.js af-mason module code execution Platforms Affected:Node.js af-masonRisk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js af-mason module could allow a remote attacker...
Node.js realtime-react-ui module code execution |
NAME Node.js realtime-react-ui module code execution Platforms Affected:Node.js realtime-react-uiRisk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js realtime-react-ui module could allow a remote attacker...
Scout server-side request forgery | CVE-2022-1592
NAME Scout server-side request forgery Platforms Affected:Clinical Genomics Scout 4.41 Clinical Genomics Scout 4.40.1 Clinical Genomics Scout 4.40Risk Level:9.4Exploitability:Proof of...
Node.js clientlib-manifests module code execution |
NAME Node.js clientlib-manifests module code execution Platforms Affected:Node.js clientlib-manifestsRisk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js clientlib-manifests module could allow a remote attacker...
Node.js af-test module code execution |
NAME Node.js af-test module code execution Platforms Affected:Node.js af-testRisk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js af-test module could allow a remote attacker...
Node.js atmunters/calculations module code execution |
NAME Node.js atmunters/calculations module code execution Platforms Affected:Node.js @munters/calculationsRisk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js atmunters/calculations module could allow a remote attacker...
MediaTek Android privilege escalation | CVE-2022-20093
NAME MediaTek Android privilege escalation Platforms Affected:MediaTek AndroidRisk Level:8.4Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION MediaTek Android could allow a local attacker to gain...
Ransomware: April 2022 review
The Malwarebytes Threat Intelligence team monitors the threat landscape continuously and produces monthly ransomware reports based on a mixture of...
Ukraine IT Army hit EGAIS portal impacting Russia’s alcohol distribution
Ukraine IT Army launched massive DDoS attacks on the EGAIS portal that has a crucial role in Russia’s alcohol distribution....
