βΌ CVE-2022-26997 βΌ
π Read
via "National Vulnerability Database".
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp function via the upnp_ttl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26992 βΌ
π Read
via "National Vulnerability Database".
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ddns function via the DdnsUserName, DdnsHostName, and DdnsPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26998 βΌ
π Read
via "National Vulnerability Database".
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting function via the wps_enrolee_pin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26212 βΌ
π Read
via "National Vulnerability Database".
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27002 βΌ
π Read
via "National Vulnerability Database".
Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddns?ddns_host parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.π Read
via "National Vulnerability Database".
π’ US law passed forcing companies to report cyber attacks, ransomware payments π’
π Read
via "ITPro".
Operators of critical infrastructure will face a subpoena for failing to report cyber incidentsπ Read
via "ITPro".
IT PRO
US law passed forcing companies to report cyber attacks, ransomware payments | IT PRO
Operators of critical infrastructure will face a subpoena for failing to report cyber incidents
π’ Ukraine given access to Clearview AI's controversial facial recognition tech π’
π Read
via "ITPro".
The tech will be used to recognise Russian soldiers, tackle misinformation, and identify the deceasedπ Read
via "ITPro".
IT PRO
Ukraine given access to Clearview AI's controversial facial recognition tech | IT PRO
The tech will be used to recognise Russian soldiers, tackle misinformation, and identify the deceased
π’ Vodafone and Ericsson complete UK's first 5G network slicing trial π’
π Read
via "ITPro".
Network slicing allows businesses and app developers to carve out a βsliceβ of the network suited to specific use casesπ Read
via "ITPro".
IT PRO
Vodafone and Ericsson complete UK's first 5G network slicing trial | IT PRO
Network slicing allows businesses and app developers to carve out a βsliceβ of the network suited to specific use cases
π’ What is Strong Customer Authentication (SCA) under PSD2? π’
π Read
via "ITPro".
An in-depth look at the EU directive that aims to harmonise online payment protectionπ Read
via "ITPro".
IT PRO
What is Strong Customer Authentication (SCA) under PSD2? | IT PRO
An in-depth look at the EU directive that aims to harmonise online payment protection
π’ IoT security market to hit $59 billion by 2029 π’
π Read
via "ITPro".
The Asia Pacific region is projected to lead the market during the forecast periodπ Read
via "ITPro".
IT PRO
IoT security market to hit $59 billion by 2029 | IT PRO
The Asia Pacific region is projected to lead the market during the forecast period
π’ Cyber security certification overhaul brings new questions and longer exams π’
π Read
via "ITPro".
Fresh changes to the examination format of the prestigious CISSP exam will come into effect later this yearπ Read
via "ITPro".
IT PRO
Cyber security certification overhaul brings new questions and longer exams | IT PRO
Fresh changes to the examination format of the prestigious CISSP exam will come into effect later this year
π’ China overhauls ISP rules to better protect children online π’
π Read
via "ITPro".
New rules include 'youth modes' for all video services and mandatory security software for all new devicesπ Read
via "ITPro".
IT PRO
China overhauls ISP rules to better protect children online | IT PRO
New rules include 'youth modes' for all video services and mandatory security software for all new devices
βΌ CVE-2022-27225 βΌ
π Read
via "National Vulnerability Database".
Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safari versions, Keycloak sets a duplicate of the cookie without the Secure attribute, which allows the cookie to be sent when accessing the location that cookie is set for via HTTP. This creates the potential for an attacker (with the ability to impersonate the Gradle Enterprise host) to capture the login session of a user by having them click an http:// link to the server, despite the real server requiring HTTPS.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27223 βΌ
π Read
via "National Vulnerability Database".
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43955 βΌ
π Read
via "National Vulnerability Database".
The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via information disclosure vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43957 βΌ
π Read
via "National Vulnerability Database".
Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43956 βΌ
π Read
via "National Vulnerability Database".
The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43958 βΌ
π Read
via "National Vulnerability Database".
Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to providing user credentials for authentication via a improper restriction of excess authentication attempts vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36519 βΌ
π Read
via "National Vulnerability Database".
Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs.)π Read
via "National Vulnerability Database".
ποΈ OpenSSL drops update addressing βhigh severityβ denial of service issue in ubiquitous encryption library ποΈ
π Read
via "The Daily Swig".
The race is on for maintainers of downstream applicationsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
OpenSSL drops update addressing βhigh severityβ denial of service issue in ubiquitous encryption library
The race is on for maintainers of downstream applications
βΌ CVE-2021-45851 βΌ
π Read
via "National Vulnerability Database".
A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server.π Read
via "National Vulnerability Database".