βΌ CVE-2022-33753 βΌ
π Read
via "National Vulnerability Database".
CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2018-18907 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered on D-Link DIR-850L 1.21WW devices. A partially completed WPA handshake is sufficient for obtaining full access to the wireless network. A client can access the network by sending packets on Data Frames to the AP without encryption.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33750 βΌ
π Read
via "National Vulnerability Database".
CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30327 βΌ
π Read
via "National Vulnerability Database".
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The web interface is vulnerable to CSRF. An attacker can change the pre-shared key of the Wi-Fi router if the interface's IP address is known.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33754 βΌ
π Read
via "National Vulnerability Database".
CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33752 βΌ
π Read
via "National Vulnerability Database".
CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33755 βΌ
π Read
via "National Vulnerability Database".
CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33756 βΌ
π Read
via "National Vulnerability Database".
CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33751 βΌ
π Read
via "National Vulnerability Database".
CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data.π Read
via "National Vulnerability Database".
π Friday Five 6/17 π
π Read
via "".
In this weekβs Friday Five, read how ransomware criminals are making use of a kidsβ game, how Apple devices everywhere may be affected by a hardware vulnerability, and much more.
π Read
via "".
Digital Guardian
Friday Five 6/17
In this weekβs Friday Five, read how ransomware criminals are making use of a kidsβ game, how Apple devices everywhere may be affected by a hardware vulnerability, and much more.
β€1
ποΈ RubyGems trials 2FA-by-default in code repoβs latest security effort ποΈ
π Read
via "The Daily Swig".
Move intended to help prevent Ruby packages from being used in supply chain attacksπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
RubyGems trials 2FA-by-default in code repoβs latest security effort
Move intended to help prevent Ruby packages from being used in supply chain attacks
π΄ Tackling 5 Challenges Facing Critical National Infrastructure Today π΄
π Read
via "Dark Reading".
The stakes are high when protecting CNI from destructive malware and other threats.π Read
via "Dark Reading".
Dark Reading
Tackling 5 Challenges Facing Critical National Infrastructure Today
The stakes are high when protecting CNI from destructive malware and other threats.
β China-linked APT Flew Under Radar for Decade β
π Read
via "Threat Post".
Evidence suggests that a just-discovered APT has been active since 2013.π Read
via "Threat Post".
Threat Post
China-linked APT Flew Under Radar for Decade
Evidence suggests that a just-discovered APT has been active since 2013.
βΌ CVE-2019-12354 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/showbad.php (when the attacker has admin authority) via the id parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2018-25043 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in uTorrent. This vulnerability affects unknown code of the component PRNG. The manipulation leads to weak authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.π Read
via "National Vulnerability Database".
βΌ CVE-2019-12357 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/deluser.php (when the attacker has admin authority) via the id parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36547 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in GE Voluson S8. It has been rated as critical. This issue affects the Service Browser which itroduces hard-coded credentials. Attacking locally is a requirement. It is recommended to change the configuration settings.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36548 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in GE Voluson S8. Affected is the file /uscgi-bin/users.cgi of the Service Browser. The manipulation leads to improper authentication and elevated access possibilities. It is possible to launch the attack on the local host.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45025 βΌ
π Read
via "National Vulnerability Database".
ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cleartext Storage of Sensitive Information in a Cookie.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31784 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business Express through 8.0 SP3 PR3 could allow an unauthenticated attacker (that has network access to the management interface) to conduct a buffer overflow attack due to insufficient validation of URL parameters. A successful exploit could allow arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2111 βΌ
π Read
via "National Vulnerability Database".
Unrestricted Upload of File with Dangerous Type in GitHub repository inventree/inventree prior to 0.7.2.π Read
via "National Vulnerability Database".