🛑 Cybersecurity & Privacy 🛑 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
⚠ Home routers with NetUSB support could have critical kernel hole ⚠

Got a router that supports USB access across the network? You might need a kernel update...

via "Naked Security".
🕴 Remotely Exploitable NetUSB Flaw Puts Millions of Devices at Risk 🕴

A vulnerability in a third-party component used by many networking firms puts consumer and small business routers at risk for remote exploitation.

via "Dark Reading".
🕴 Why the Insider Threat Will Motivate Cyber and Physical Teams to Collaborate More Than Ever in 2022 🕴

It's hard to have a crystal ball in the world of security, but if one were to make a safe prediction, it's this: Organizations will need to further integrate their cybersecurity and physical security functions throughout 2022 and beyond. So argues former chief psychologist for the US Secret Service, Dr. Marisa Randazzo, who now heads up Ontic's Center of Excellence.

via "Dark Reading".
‼ CVE-2022-0129 ‼

Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system user. This was achieved through placing the malicious DLL in the same directory that the process was run from.

via "National Vulnerability Database".
‼ CVE-2022-0173 ‼

radare2 is vulnerable to an out-of-bounds read.

via "National Vulnerability Database".
‼ CVE-2021-38991 ‼

IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution. IBM X-Force ID: 212953.

via "National Vulnerability Database".
‼ CVE-2021-29701 ‼

IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authenticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. IBM X-Force ID: 200657.

via "National Vulnerability Database".
🕴 FBI, NSA & CISA Issue Advisory on Russian Cyber Threat to US Critical Infrastructure 🕴

Advisory explains how to detect, respond to, and mitigate cyberattacks from Russian state-sponsored hacking groups.

via "Dark Reading".
🕴 Details Released on SonicWall Flaws in SMA Devices 🕴

The most serious of the five vulnerabilities disclosed today can lead to unauthenticated remote code execution on affected devices.

via "Dark Reading".
❌ WordPress Bugs Exploded in 2021, Most Exploitable ❌

Record-number WordPress plugin vulnerabilities are wicked exploitable even with low CVSS scores, leaving security teams blind to their risk.

via "Threat Post".
❌ MacOS Bug Could Let Creeps Snoop On You ❌

The flaw could allow attackers to bypass Privacy preferences, giving apps with no right to access files, microphones or cameras the ability to record you or grab screenshots.

via "Threat Post".
‼ CVE-2021-43973 ‼

An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to upload an arbitrary file via the file parameter in the HTTP POST body. A successful request returns the absolute, server-side filesystem path of the uploaded file.

via "National Vulnerability Database".
‼ CVE-2021-43974 ‼

An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register end users anonymously, but does not respect the server-side setting that determines if anonymous users are allowed to register new accounts. Configuring the server-side setting to disable anonymous user registration only hides the client-side registration form. An attacker can still post registration data to create new accounts without prior authentication.

via "National Vulnerability Database".
‼ CVE-2021-43053 ‼

The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a difficult to exploit vulnerability that allows an unauthenticated attacker with network access to obtain the cluster secret of another application connected to the realm server. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.7.2 and below, TIBCO FTL - Developer Edition: versions 6.7.2 and below, and TIBCO FTL - Enterprise Edition: versions 6.7.2 and below.

via "National Vulnerability Database".
‼ CVE-2021-43054 ‼

The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to generate API tokens that can access any other channel with arbitrary permissions. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.7.2 and below, TIBCO eFTL - Developer Edition: versions 6.7.2 and below, and TIBCO eFTL - Enterprise Edition: versions 6.7.2 and below.

via "National Vulnerability Database".
‼ CVE-2021-34704 ‼

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

via "National Vulnerability Database".
‼ CVE-2021-43971 ‼

A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter.

via "National Vulnerability Database".
‼ CVE-2021-43052 ‼

The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.7.2 and below, TIBCO FTL - Developer Edition: versions 6.7.2 and below, and TIBCO FTL - Enterprise Edition: versions 6.7.2 and below.

via "National Vulnerability Database".
‼ CVE-2021-43972 ‼

An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root (with an arbitrary filename) via the tempFile and fileName parameters in the HTTP POST body.

via "National Vulnerability Database".
‼ CVE-2021-1573 ‼

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

via "National Vulnerability Database".
‼ CVE-2021-43055 ‼

The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows clients to inherit the permissions of the client that initially connected on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.7.2 and below, TIBCO eFTL - Developer Edition: versions 6.7.2 and below, and TIBCO eFTL - Enterprise Edition: versions 6.7.2 and below.

via "National Vulnerability Database".