CVE-2022-26134 - Critical severity unauthenticated Remote Code Execution vulnerability in Confluence Server and Data Center.
It's a zero day allowing code execution in Office products.
#vuln #microsoft #office #word #cyber #powershell #threats #informatique
https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
CVE-2022-22972 - vRealize Automation 7.6 : this vulnerability allows an attacker to login as any known local user. #vuln #vmware #cyber #threats #informatique
🇪🇺 PRECINCT (precinct.info) #europe #infrastructure #framework #101021668 #cyber #h2020 #cluster #resilience #digital #innovative #smart #scada #hybrid #threats #models #ict #business #consortium #partnership #solutions #seriousgame #economy #isc #strategic #defense #telecom #systems #networks #research #future #emergency #security #management #agenda #engineers #vuln #workshop #partners #services #informatique
🇫🇷 SantExpo2022 [ CERT Santé ] State of the cyber threat and prevention activities #france #cyber #crises #care #ransomware #ddos #hospital #databreach #santé #digital #report #vpn #microsoft #mail #exchange #threats #malware #medical #numérique #innovative #technologies #solution #vuln #security #esanté #cert #informatique
CVE-2022-1802 : Prototype pollution in Top-Level Await implementation
CVE-2022-1529 : Untrusted input used in JavaScript object indexing, leading to prototype pollution
#vuln #browser #mozilla #firefox #software #javascript #web #technologies #cyber #threats #informatique
https://www.mozilla.org/en-US/security/advisories/mfsa2022-19/
CVE-2022-26809 SMB authentication issue when calling EfsRpcDecryptFileSrv() has not been resolved. #vuln #cyber #windows #threats #informatique
CVE-2022-27224 : Vulnerability in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12. A low privilege authenticated attacker can perform command injection as the root user. #vuln #gps #firmware #ntp #networks #devices #web #management #threats #informatique
CVE-2021-3929/CVE-2021-3947 : Recursive MMIO VM QEMU Escape PoC #cyber #threats #vuln #informatique
https://github.com/QiuhaoLi/CVE-2021-3929-3947
BLE Proximity Authentication vulnerable to relay attacks #vuln #bluetooth #signal #technologies #devices #ble #communications #informatique
Tesla (tesla.com) BLE Phone-as-a-Key Passive Entry vulnerable to relay attacks #vuln #bluetooth #signal #crypto #weakness #vehicles #technologies #devices #smart #cars #automotive #ble #wifi #internet #network #communications #informatique
Kwikset (kwikset.com) & Weiser (weiserlock.com) BLE Proximity Authentication in Kevo Smart Locks vulnerable to relay attacks #vuln #bluetooth #signal #crypto #smart #weakness #technologies #devices #ble #communications #informatique
Microsoft probes complaints of domain controller headaches
Windows update breaks authentication for some server admins
#vuln #microsoft #windows #informatique
https://www.theregister.com/2022/05/12/windows_server_update_authentication_errors/
CVE-2022-1552 ( CVSS 8.8 ) - Security vulnerability in PostgreSQL
CVE-2022-26923 This vulnerability allowed a low-privileged user to escalate privileges to domain administrator in a default Active Directory environment with the Active Directory Certificate Services server role installed. #vuln #microsoft #windows #cyber #threats #informatique
🚩 Wild West Hackin Fest (wildwesthackinfest.com)
Statikk Shiv
Leveraging Electron (electronjs.org) Applications For Post-Exploitation
#infosec #cyber #vuln #application #software #threats #informatique
📰 https://raw.githubusercontent.com/FuzzySecurity/WWHF-WayWest-2022/main/WWHF_StatikkShiv_v1.0.pdf
🚨 CVE-2022-27588 - QNAP VS Series NVR running QVR : this vulnerability allows remote attackers to run arbitrary commands. #vuln #cyber #networks #threats #informatique
CVE-2022-1388 - A vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system to execute arbitrary system commands. #vuln #cyber #networks #threats #informatique
TLStorm 2 - NanoSSL TLS library misuse leads to 5 vulnerabilities in the implementation of TLS communications in multiple models of Aruba and Avaya switches. #vuln #cyber #networks #threats #informatique
sc(r)apy | full metal packets