CVE-2022-26993
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pppoe function via the pppoeUserName, pppoePassword, and pppoe_Service parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
via "National Vulnerability Database".
CVE-2022-26994
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pptp function via the pptpUserName and pptpPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
via "National Vulnerability Database".
CVE-2022-26996
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe function via the pppoe_username, pppoe_passwd, and pppoe_servicename parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
via "National Vulnerability Database".
CVE-2022-26997
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp function via the upnp_ttl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
via "National Vulnerability Database".
CVE-2022-26992
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ddns function via the DdnsUserName, DdnsHostName, and DdnsPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
via "National Vulnerability Database".
CVE-2022-26998
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting function via the wps_enrolee_pin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
via "National Vulnerability Database".
CVE-2022-26212
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
via "National Vulnerability Database".
CVE-2022-27002
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddns?ddns_host parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
via "National Vulnerability Database".
US law passed forcing companies to report cyber attacks, ransomware payments
Operators of critical infrastructure will face a subpoena for failing to report cyber incidents.
via "ITPro".
Ukraine given access to Clearview AI's controversial facial recognition tech
The tech will be used to recognise Russian soldiers, tackle misinformation, and identify the deceased.
via "ITPro".
Vodafone and Ericsson complete UK's first 5G network slicing trial
Network slicing allows businesses and app developers to carve out a "slice" of the network suited to specific use cases.
via "ITPro".
What is Strong Customer Authentication (SCA) under PSD2?
An in-depth look at the EU directive that aims to harmonise online payment protection.
via "ITPro".
IoT security market to hit $59 billion by 2029
The Asia Pacific region is projected to lead the market during the forecast period.
via "ITPro".
Cyber security certification overhaul brings new questions and longer exams
Fresh changes to the examination format of the prestigious CISSP exam will come into effect later this year.
via "ITPro".
China overhauls ISP rules to better protect children online
New rules include 'youth modes' for all video services and mandatory security software for all new devices.
via "ITPro".
CVE-2022-27225
Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safari versions, Keycloak sets a duplicate of the cookie without the Secure attribute, which allows the cookie to be sent when accessing the location that cookie is set for via HTTP. This creates the potential for an attacker (with the ability to impersonate the Gradle Enterprise host) to capture the login session of a user by having them click an http:// link to the server, despite the real server requiring HTTPS.
via "National Vulnerability Database".
CVE-2022-27223
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.
via "National Vulnerability Database".
CVE-2021-43955
The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via an information disclosure vulnerability.
via "National Vulnerability Database".
CVE-2021-43957
Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9.
via "National Vulnerability Database".
CVE-2021-43956
The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability.
via "National Vulnerability Database".
CVE-2021-43958
Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials, as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to providing user credentials for authentication, via an improper restriction of excess authentication attempts vulnerability.
via "National Vulnerability Database".