π΄ Mandiant Bolsters SaaS Platform With Integration of New Attack Surface Management Module π΄
π Read
via "Dark Reading".
New automated offering helps organizations gain comprehensive visibility across IT environments, continuously monitor for vulnerabilities, operationalize threat intelligence and manage risk.π Read
via "Dark Reading".
Dark Reading
Mandiant Bolsters SaaS Platform With Integration of New Attack Surface Management Module
New automated offering helps organizations gain comprehensive visibility across IT environments, continuously monitor for vulnerabilities, operationalize threat intelligence and manage risk.
β Kronos Still Dragging Itself Back From Ransomware Hell β
π Read
via "Threat Post".
And customers including Tesla, PepsiCo and NYC transit workers are filing lawsuits over the βreal pain in the rear endβ of manual inputting, inaccurate wages & more.π Read
via "Threat Post".
Threat Post
Kronos Still Dragging Itself Back From Ransomware Hell
UPDATE: Puma was one of the companies from which employees' personal data was stolen. Customers including Tesla, PepsiCo and NYC transit workers are filing lawsuits over the βreal pain in the rear endβ of manual inputting, inaccurate wages & more.
βΌ CVE-2021-45268 βΌ
π Read
via "National Vulnerability Database".
A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a maliciously add-on with crafted PHP file.π Read
via "National Vulnerability Database".
π΄ Mac Malware-Dropping Adware Gets More Dangerous π΄
π Read
via "Dark Reading".
The authors of UpdateAgent have tweaked it yet again β for the fifth time in less than 18 months.π Read
via "Dark Reading".
Dark Reading
Mac Malware-Dropping Adware Gets More Dangerous
The authors of UpdateAgent have tweaked it yet again β for the fifth time in less than 18 months.
βΌ CVE-2022-24153 βΌ
π Read
via "National Vulnerability Database".
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formAddMacfilterRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45989 βΌ
π Read
via "National Vulnerability Database".
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function guestWifiRuleRefresh. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qosGuestUpstream and qosGuestDownstream parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45987 βΌ
π Read
via "National Vulnerability Database".
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetNetCheckTools. This vulnerability allows attackers to execute arbitrary commands via the hostName parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46230 βΌ
π Read
via "National Vulnerability Database".
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function upgrade_filter. This vulnerability allows attackers to execute arbitrary commands via the path and time parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24172 βΌ
π Read
via "National Vulnerability Database".
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDhcpBindRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the addDhcpRules parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24148 βΌ
π Read
via "National Vulnerability Database".
Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows attackers to execute arbitrary commands via the dmzIp parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45995 βΌ
π Read
via "National Vulnerability Database".
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetStaticRoute. This vulnerability allows attackers to cause a Denial of Service (DoS) via the staticRouteNet, staticRouteMask, and staticRouteGateway parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24145 βΌ
π Read
via "National Vulnerability Database".
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formWifiBasicSet. This vulnerability allows attackers to cause a Denial of Service (DoS) via the security and security_5g parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24163 βΌ
π Read
via "National Vulnerability Database".
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24147 βΌ
π Read
via "National Vulnerability Database".
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wanMTU, wanSpeed, cloneType, mac, and serviceName parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46452 βΌ
π Read
via "National Vulnerability Database".
D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via the tomography_ping_address, tomography_ping_number, tomography_ping_size, tomography_ping_timeout, and tomography_ping_ttl parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45733 βΌ
π Read
via "National Vulnerability Database".
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the parameter host_time.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46455 βΌ
π Read
via "National Vulnerability Database".
D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStationSettings. This vulnerability allows attackers to execute arbitrary commands via the station_access_enable parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24154 βΌ
π Read
via "National Vulnerability Database".
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetRebootTimer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the rebootTime parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46229 βΌ
π Read
via "National Vulnerability Database".
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function usb_paswd.asp. This vulnerability allows attackers to execute arbitrary commands via the name parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44880 βΌ
π Read
via "National Vulnerability Database".
D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882_FW1.30B06_Hotfix_02 were discovered to contain a command injection vulnerability in the system function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24146 βΌ
π Read
via "National Vulnerability Database".
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetQosBand. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.π Read
via "National Vulnerability Database".