Understanding your attack surface is key to recognizing what you are defending
SMBs should focus on their attack surface and work on reducing it to the bare minimum required...
Dissecting Google’s Titan M chip: Vulnerability research challenges
The enterprise-grade Titan M security chip was custom built to help protect data.
...
Introducing the book: If It’s Smart, It’s Vulnerable
All our devices and gadgets are going online, just like our computers did.
Once...
5 key things we learned from CISOs of smaller enterprises survey
As business begins its return to normalcy, CISOs at small and medium-size enterprises were asked...
Chinese scammers target kids with promise of extra gaming hours
Yesterday the CAC detailed some of the 12,000 acts of online fraud perpetrated against minors it...
China-linked spies used six backdoors to steal info from defense, industrial enterprise orgs
Beijing-backed cyberspies used specially crafted phishing emails and six different backdoors to...
deBridge Finance crypto platform targeted by Lazarus hackers
Hackers suspected to be from the North Korean Lazarus group tried their luck at stealing...
Vulnerabilities by Risk level (Last 12 months)
Vulnerabilities by Vendor (Last 12 months)
| Vendor | Last 12 months | # |
| 1309 | ||
| Microsoft | 885 | |
| Fedoraproject | 842 | |
| Debian | 692 | |
| Apple | 600 |
Latest Vulnerabilities
-
CVE-2022-27255 - Improper Input Validation vulnerability in Realtek Ecos Msdk Firmware and Ecos Rsdk Firmware
7.5In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without...
-
CVE-2022-36880 - Cross-site Scripting vulnerability in Webmin Usermin
4.3The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message.
-
CVE-2022-31208 - Unspecified vulnerability in Infiray Iray-A8Z3 Firmware 1.0.957
9.0An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmd_string URL parameter.
-
CVE-2022-31209 - Classic Buffer Overflow vulnerability in Infiray Iray-A8Z3 Firmware 1.0.957
10.0An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware contains a potential buffer overflow by calling strcpy() without checking the string length beforehand.
-
CVE-2022-31210 - Use of Hard-coded Credentials vulnerability in Infiray Iray-A8Z3 Firmware 1.0.957
7.5An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/set_param.cgi contains hardcoded credentials to the web application. Because these accounts cannot...
Latest Critical Vulnerabilities
-
CVE-2022-31208 - Unspecified vulnerability in Infiray Iray-A8Z3 Firmware 1.0.957
9.0An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmd_string URL parameter.
-
CVE-2022-31209 - Classic Buffer Overflow vulnerability in Infiray Iray-A8Z3 Firmware 1.0.957
10.0An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware contains a potential buffer overflow by calling strcpy() without checking the string length beforehand.
-
CVE-2022-31211 - Weak Password Requirements vulnerability in Infiray Iray-A8Z3 Firmware 1.0.957
10.0An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default.
-
CVE-2022-20216 - Unspecified vulnerability in Google Android
10.0android exported is used to set third-party app access permissions, and the default value of intent-filter is true. com.sprd.firewall has set exported as true.Product: AndroidVersions: Android...
-
CVE-2022-20222 - Out-of-bounds Write vulnerability in Google Android 12.0/12.1
10.0In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed....
-
CVE-2022-20229 - Out-of-bounds Write vulnerability in Google Android
10.0In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional...
-
CVE-2022-20238 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
10.0'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the...
-
CVE-2022-22041 - Improper Privilege Management vulnerability in Microsoft products
9.0Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22022, CVE-2022-30206, CVE-2022-30226.