Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-30262PUBLISHED: 2022-08-17
The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. They utilize the BSAP-IP protocol to transmit firmware updates. Firmware updates are supplied as CAB archive files containing a binary firmware image. In all cases, firmware images were found to have no a...
CVE-2022-31262PUBLISHED: 2022-08-17
An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYS...
CVE-2022-36186PUBLISHED: 2022-08-17A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNKNOWN-master via the function gf_filter_pid_set_property_full () at filter_core/filter_pid.c:5250,which causes a Denial of Service (DoS). This vulnerability was fixed in commit b43f9d1.
CVE-2022-36190PUBLISHED: 2022-08-17GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. This vulnerability was fixed in commit fef6242.
CVE-2022-38149PUBLISHED: 2022-08-17HashiCorp Consul Template through 0.29.1 inserts Sensitive Information into a Log File.