CVE-2022-31366 An arbitrary file upload vulnerability in api_labs.php of EVE-NG 2.0.3-112 Community allows attackers to execute arbitrary code.
The available UNL files are specified in the code, allowing an attacker to control the code that gets executed, leading to a full compromise of
CVE-2022-41835 F5OS older versions have a security bug where some commands are allowed if the attacker is authenticated.
This issue was addressed by updating the F5OS to version 1.1.1 which now enforces a minimum of 664 permissions when creating containers. Additionally,
CVE-2022-41617 An authenticated remote code execution vulnerability exists in the BIG-IP iControl REST API in versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1.
An attacker can exploit this by establishing a REST request to the iControl REST interface. An authenticated remote code execution vulnerability exists in the Advanced
CVE-2022-43025 Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to have a stack overflow via the startIp parameter.
An attacker could exploit this vulnerability to execute code of their choice on the device. Tenda TX3 devices running Tenda Smart WiFi App V16.03.
CVE-2022-1414 3scale API Management 2 does not perform adequate sanitation for user input in multiple fields.
Google engineers acknowledged the issue and stated that the team is working to update the software to prevent these types of attacks in the future.