CVE-2022-30276
https://notcve.org/view.php?id=CVE-2022-30276
The Motorola MOSCAD and ACE line of RTUs through 2022-05-02 omit an authentication requirement. ...
• https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-04
• https://www.forescout.com/blog
• CWE-306: Missing Authentication for Critical Function
CVE-2022-30270
https://notcve.org/view.php?id=CVE-2022-30270
Access to this interface is controlled by 5 preconfigured accounts (root, abuilder, acelogin, cappl, ace), all of which come with default credentials. Although the ACE1000 documentation mentions the root, abuilder and acelogin accounts and instructs users to change the default credentials, the cappl and ace accounts remain undocumented and thus are unlikely to have their credentials changed. ...
• https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-06
• https://www.forescout.com/blog
• CWE-287: Improper Authentication
CVE-2022-30275
https://notcve.org/view.php?id=CVE-2022-30275
It utilizes an MDLC driver to communicate with MOSCAD/ACE RTUs for engineering purposes. ...
• https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-05
• https://www.forescout.com/blog
• CWE-312: Cleartext Storage of Sensitive Information
CVE-2022-35649
https://notcve.org/view.php?id=CVE-2022-35649
The vulnerability, found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
• https://github.com/antoinenguyen-09/CVE-2022-35649
• http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75044
• https://bugzilla.redhat.com/show_bug.cgi?id=2106273
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V
• https://moodle.org/mod/forum/discuss.php?d=436456
• CWE-20: Improper Input Validation
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2020-7677 – Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2020-7677
This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users and is passed to the eval function without any sanitization.
• https://github.com/thenables/thenify/blob/master/index.js%23L17
• https://github.com/thenables/thenify/commit/0d94a24eb933bc835d568f3009f4d269c4c4c17a
• https://lists.debian.org/debian-lts-announce/2022/09/msg00039.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK
• https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-572317
• https://secu