βΌ CVE-2021-34591 βΌ
π Read
via "National Vulnerability Database".
In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34592 βΌ
π Read
via "National Vulnerability Database".
In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34588 βΌ
π Read
via "National Vulnerability Database".
In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot .π Read
via "National Vulnerability Database".
βΌ CVE-2022-22278 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS) attackπ Read
via "National Vulnerability Database".
βΌ CVE-2021-34587 βΌ
π Read
via "National Vulnerability Database".
In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34589 βΌ
π Read
via "National Vulnerability Database".
In Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25266 βΌ
π Read
via "National Vulnerability Database".
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29776 βΌ
π Read
via "National Vulnerability Database".
IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information from another user's dashboard providing the dashboard ID of that user. IBM X-Force ID: 203030.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1507 βΌ
π Read
via "National Vulnerability Database".
chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. in GitHub repository hpjansson/chafa prior to 1.10.2. chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file.π Read
via "National Vulnerability Database".
π nfstream 6.5.1 π
π Read
via "Packet Storm Security".
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.π Read
via "Packet Storm Security".
Packetstormsecurity
nfstream 6.5.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π1
π΄ Coca-Cola Investigates Data-Theft Claims After Ransomware Attack π΄
π Read
via "Dark Reading".
The Stormous ransomware group is offering purportedly stolen Coca-Cola data for sale on its leak site, but the soda giant hasn't confirmed that the heist happened.π Read
via "Dark Reading".
Dark Reading
Coca-Cola Investigates Data-Theft Claims After Ransomware Attack
The Stormous ransomware group is offering purportedly stolen Coca-Cola data for sale on its leak site, but the soda giant hasn't confirmed that the heist happened.
β Emotet is Back From βSpring Breakβ With New Nasty Tricks β
π Read
via "Threat Post".
The Botnet appears to use a new delivery method for compromising Windows systems after Microsoft disables VBA macros by default.π Read
via "Threat Post".
Threat Post
Emotet is Back From βSpring Breakβ With New Nasty Tricks
The Botnet appears to use a new delivery method for compromising Windows systems after Microsoft disables VBA macros by default.
βΌ CVE-2022-28193 βΌ
π Read
via "National Vulnerability Database".
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22315 βΌ
π Read
via "National Vulnerability Database".
IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privileges due to improper handling of permissions. IBM X-Force ID: 217955.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28197 βΌ
π Read
via "National Vulnerability Database".
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult- to-exploit vulnerability may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28196 βΌ
π Read
via "National Vulnerability Database".
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker to cause a memory buffer overflow, which may lead to code execution, limited loss of Integrity, and limited denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28195 βΌ
π Read
via "National Vulnerability Database".
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause a integer overflow, which may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24372 βΌ
π Read
via "National Vulnerability Database".
Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28194 βΌ
π Read
via "National Vulnerability Database".
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where, if TFTP is enabled, a local attacker can cause a memory buffer overflow, which may lead to code execution, loss of Integrity, limited denial of service, and some impact to confidentiality.π Read
via "National Vulnerability Database".
π΄ CISA: Log4Shell Was the Most-Exploited Vulnerability in 2021 π΄
π Read
via "Dark Reading".
Internet-facing zero-day vulnerabilities were the most commonly used types of bugs in 2021 attacks, according to the international Joint Cybersecurity Advisory (JCSA).π Read
via "Dark Reading".
Dark Reading
CISA: Log4Shell Was the Most-Exploited Vulnerability in 2021
Internet-facing zero-day vulnerabilities were the most commonly used types of bugs in 2021 attacks, according to the international Joint Cybersecurity Advisory (JCSA).
π΄ Synopsys to Acquire WhiteHat Security from NTT π΄
π Read
via "Dark Reading".
Acquisition expands security software-as-a-service capabilities.π Read
via "Dark Reading".
Dark Reading
press release
press releases