βΌ CVE-2022-22521 βΌ
π Read
via "National Vulnerability Database".
In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed by users with administrative privileges. An attacker could thereby obtain higher permissions. The attacker must already have access to the corresponding local system to be able to exchange the files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22312 βΌ
π Read
via "National Vulnerability Database".
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 217369.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38874 βΌ
π Read
via "National Vulnerability Database".
IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38878 βΌ
π Read
via "National Vulnerability Database".
IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key exchange without entity authentication. IBM X-Force ID: 208756.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2021-38939 βΌ
π Read
via "National Vulnerability Database".
IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by an user with access to creating domains. IBM X-Force ID: 211037.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34590 βΌ
π Read
via "National Vulnerability Database".
In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38919 βΌ
π Read
via "National Vulnerability Database".
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some senarios may reveal authorized service tokens to other QRadar users. IBM X-Force ID: 210021π Read
via "National Vulnerability Database".
βΌ CVE-2022-27336 βΌ
π Read
via "National Vulnerability Database".
Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22277 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive information in cleartext.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34591 βΌ
π Read
via "National Vulnerability Database".
In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34592 βΌ
π Read
via "National Vulnerability Database".
In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34588 βΌ
π Read
via "National Vulnerability Database".
In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot .π Read
via "National Vulnerability Database".
βΌ CVE-2022-22278 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS) attackπ Read
via "National Vulnerability Database".
βΌ CVE-2021-34587 βΌ
π Read
via "National Vulnerability Database".
In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34589 βΌ
π Read
via "National Vulnerability Database".
In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25266 βΌ
π Read
via "National Vulnerability Database".
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29776 βΌ
π Read
via "National Vulnerability Database".
IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information from another user's dashboard providing the dashboard ID of that user. IBM X-Force ID: 203030.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1507 βΌ
π Read
via "National Vulnerability Database".
chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. in GitHub repository hpjansson/chafa prior to 1.10.2. chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file.π Read
via "National Vulnerability Database".
π nfstream 6.5.1 π
π Read
via "Packet Storm Security".
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.π Read
via "Packet Storm Security".
Packetstormsecurity
nfstream 6.5.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π1
π΄ Coca-Cola Investigates Data-Theft Claims After Ransomware Attack π΄
π Read
via "Dark Reading".
The Stormous ransomware group is offering purportedly stolen Coca-Cola data for sale on its leak site, but the soda giant hasn't confirmed that the heist happened.π Read
via "Dark Reading".
Dark Reading
Coca-Cola Investigates Data-Theft Claims After Ransomware Attack
The Stormous ransomware group is offering purportedly stolen Coca-Cola data for sale on its leak site, but the soda giant hasn't confirmed that the heist happened.
β Emotet is Back From βSpring Breakβ With New Nasty Tricks β
π Read
via "Threat Post".
The Botnet appears to use a new delivery method for compromising Windows systems after Microsoft disables VBA macros by default.π Read
via "Threat Post".
Threat Post
Emotet is Back From βSpring Breakβ With New Nasty Tricks
The Botnet appears to use a new delivery method for compromising Windows systems after Microsoft disables VBA macros by default.