‼ CVE-2021-30064 ‼
via "National Vulnerability Database".
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state).
‼ CVE-2021-30065 ‼
via "National Vulnerability Database".
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. NOTE: this issue exists because of an incomplete fix of CVE-2017-11401.
‼ CVE-2022-26530 ‼
via "National Vulnerability Database".
swaylock before 1.6 allows attackers to trigger a crash and achieve unlocked access to a Wayland compositor.
‼ CVE-2022-27249 ‼
via "National Vulnerability Database".
An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web root, and then visiting the URL for this aspx resource.
‼ CVE-2021-30066 ‼
via "National Vulnerability Database".
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware signature verification (for a USB stick) can be bypassed. NOTE: this issue exists because of an incomplete fix of CVE-2017-11400.
‼ CVE-2022-26233 ‼
via "National Vulnerability Database".
Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring.
‼ CVE-2021-30063 ‼
via "National Vulnerability Database".
On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can cause an OPC enforcer denial of service.
‼ CVE-2022-1223 ‼
via "National Vulnerability Database".
Improper Access Control in GitHub repository phpipam/phpipam prior to 1.4.6.
‼ CVE-2022-1225 ‼
via "National Vulnerability Database".
Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6.
‼ CVE-2022-24191 ‼
via "National Vulnerability Database".
In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow.
‼ CVE-2022-1224 ‼
via "National Vulnerability Database".
Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
‼ CVE-2022-1222 ‼
via "National Vulnerability Database".
Infinite loop in GitHub repository gpac/gpac prior to 2.1.0-DEV.
‼ CVE-2022-0939 ‼
via "National Vulnerability Database".
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
🗓️ Cisco software update blocks exploit chain in network management software 🗓️
via "The Daily Swig".
Patches released for Nexus Dashboard Fabric Controller vulnerabilities
🕴 Cybersecurity Mesh: IT's Answer to Cloud Security 🕴
via "Dark Reading".
With a properly functioning cybersecurity mesh architecture, one can guarantee safe, authorized access to data from any access point.
‼ CVE-2022-26616 ‼
via "National Vulnerability Database".
PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to perform reflected cross-site scripting (XSS) attacks via crafted HTTP headers.
‼ CVE-2021-33616 ‼
via "National Vulnerability Database".
RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS.
‼ CVE-2021-36776 ‼
via "National Vulnerability Database".
An Improper Access Control vulnerability in SUSE Rancher allows remote attackers to impersonate arbitrary users. This issue affects: SUSE Rancher Rancher versions prior to 2.5.10.
‼ CVE-2021-44138 ‼
via "National Vulnerability Database".
There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request.
‼ CVE-2021-36775 ‼
via "National Vulnerability Database".
An Improper Access Control vulnerability in SUSE Rancher allows users to keep privileges that should have been revoked. This issue affects: SUSE Rancher Rancher versions prior to 2.4.18; Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3.
🗓️ Trezor cryptocurrency wallets targeted with phishing attacks following Mailchimp compromise 🗓️
via "The Daily Swig".
Company claims false data breach emails were spread via newsletters