🕴 FBI: Bank Losses From BEC Attacks Top $43B 🕴
📖 Read
via "Dark Reading".
Law enforcement attributes a recent 65% spike in BEC attack losses to COVID-19 restrictions and the ongoing reality of a remote workforce.📖 Read
via "Dark Reading".
Darkreading
FBI: Bank Losses From BEC Attacks Top $43B
Law enforcement attributes a recent 65% spike in BEC attack losses to COVID-19 restrictions and the ongoing reality of a remote workforce.
‼ CVE-2021-38487 ‼
📖 Read
via "National Vulnerability Database".
RTI Connext DDS Professional, Connext DDS Secure versions 4.2x to 6.1.0, and Connext DDS Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43547 ‼
📖 Read
via "National Vulnerability Database".
TwinOaks Computing CoreDX DDS versions prior to 5.9.1 are susceptible to exploitation when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39020 ‼
📖 Read
via "National Vulnerability Database".
IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 213855.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1468 ‼
📖 Read
via "National Vulnerability Database".
On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x on F5 BIG-IP, an authenticated iControl REST user with at least guest role privileges can cause processing delays to iControl REST requests via undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38445 ‼
📖 Read
via "National Vulnerability Database".
OCI OpenDDS versions prior to 3.18.1 do not handle a length parameter consistent with the actual length of the associated data, which may allow an attacker to remotely execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26130 ‼
📖 Read
via "National Vulnerability Database".
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an Active mode-enabled FTP profile is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing active FTP data channel connections. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38429 ‼
📖 Read
via "National Vulnerability Database".
OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition and information exposure.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1389 ‼
📖 Read
via "National Vulnerability Database".
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP (fixed in 17.0.0), a cross-site request forgery (CSRF) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This vulnerability allows an attacker to run a limited set of commands: ping, traceroute, and WOM diagnostics. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38427 ‼
📖 Read
via "National Vulnerability Database".
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2.x to 6.1.0 are vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44057 ‼
📖 Read
via "National Vulnerability Database".
An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.20 ( 2022/02/15 ) and later Photo Station 5.7.16 ( 2022/02/11 ) and later Photo Station 5.4.13 ( 2022/02/11 ) and later📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26340 ‼
📖 Read
via "National Vulnerability Database".
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, an authenticated, high-privileged attacker with no bash access may be able to access Certificate and Key files using Secure Copy (SCP) protocol from a remote system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26517 ‼
📖 Read
via "National Vulnerability Database".
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when the BIG-IP CGNAT Large Scale NAT (LSN) pool is configured on a virtual server and packet filtering is enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25946 ‼
📖 Read
via "National Vulnerability Database".
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker with Administrator role privilege may be able to bypass Appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44053 ‼
📖 Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QTS 4.5.4.1991 build 20220329 and later QTS 5.0.0.1986 build 20220324 and later QuTS hero h5.0.0.1986 build 20220324 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTScloud c5.0.1.1949 and later📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22433 ‼
📖 Read
via "National Vulnerability Database".
IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 224156.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26835 ‼
📖 Read
via "National Vulnerability Database".
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, directory traversal vulnerabilities exist in undisclosed iControl REST endpoints and TMOS Shell (tmsh) commands in F5 BIG-IP Guided Configuration, which may allow an authenticated attacker with at least resource administrator role privileges to read arbitrary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38439 ‼
📖 Read
via "National Vulnerability Database".
All versions of GurumDDS are vulnerable to heap-based buffer overflow, which may cause a denial-of-service condition or remotely execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44055 ‼
📖 Read
via "National Vulnerability Database".
An missing authorization vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows remote attackers to access data or perform actions that they should not be allowed to perform. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 ( 2022/02/16 ) and later📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38423 ‼
📖 Read
via "National Vulnerability Database".
All versions of GurumDDS improperly calculate the size to be used when allocating the buffer, which may result in a buffer overflow.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38433 ‼
📖 Read
via "National Vulnerability Database".
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code.📖 Read
via "National Vulnerability Database".