CVE-2022-36308
via "National Vulnerability Database".
Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. This issue may affect other AirVelocity and AirSpeed models.
CVE-2022-24950
via "National Vulnerability Database".
A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to log in to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId().
CVE-2022-24951
via "National Vulnerability Database".
A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to hijack Eternal Terminal's IPC socket, enabling access to Eternal Terminal clients which attempt to connect in the future.
CVE-2022-38216
via "National Vulnerability Database".
An integer overflow exists in Mapbox's closed source gl-native library prior to version 10.6.1, which is bundled with multiple Mapbox products including open source libraries. The overflow is caused by large image height and width values when creating a new Image and allows for out of bounds writes, potentially crashing the Mapbox process.
CVE-2022-36309
via "National Vulnerability Database".
Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.
Xiaomi Phone Bug Allowed Payment Forgery
via "Threat Post".
Mobile transactions could've been disabled, created and signed by attackers.
CVE-2022-2838
via "National Vulnerability Database".
In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities, allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP requests.
Multiple cloud vendors impacted by PostgreSQL vulnerability that exposed enterprise databases
via "The Daily Swig".
Flaws discovered in various PostgreSQL-as-a-Service offerings, including those from Microsoft and Google.
SEPT. 7-9: Ukraine, Election, AI, Cybercrime, 5G Among Topics Explored by 125+ Speakers at 13th Billington Cybersecurity Summit
via "Dark Reading".
Heads of CIA and CISA headline event at DC Convention Center.
Lessons From the Cybersecurity Trenches
via "Dark Reading".
Threat hunting not only serves the greater good by helping keep users safe, it rewards practitioners with the thrill of the hunt and solving of complex problems. Tap into your background and learn to follow your instincts.
CVE-2022-36599
via "National Vulnerability Database".
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/model/delete URI via models Lists.
CVE-2021-30490
via "National Vulnerability Database".
upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation.
CVE-2022-36530
via "National Vulnerability Database".
An issue was discovered in rageframe2 2.6.37. There is an XSS vulnerability in the user agent related parameters of the info.php page.
CVE-2022-29959
via "National Vulnerability Database".
Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. This environment provides access control functionality through user authentication and privilege management. The credentials for various users are stored insecurely in the SecUsers.ini file by using a simple string transformation rather than a cryptographic mechanism.
CVE-2022-36273
via "National Vulnerability Database".
Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg.
CVE-2022-30264
via "National Vulnerability Database".
The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations. They utilize the ROC protocol (4000/TCP, 5000/TCP) for communications between a master terminal and RTUs. Opcode 203 of this protocol allows a master terminal to transfer files to and from the flash filesystem and to carry out arbitrary file and directory read, write, and delete operations.
CVE-2022-36272
via "National Vulnerability Database".
Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter.
U.K. Water Supplier Hit with Clop Ransomware Attack
via "Threat Post".
The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data.
Windows Vulnerability Could Crack DC Server Credentials Open
via "Dark Reading".
The security flaw tracked as CVE-2022-30216 could allow attackers to perform server spoofing or trigger authentication coercion on the victim.
Legitimate hacking activities under UK law proposed by 'expert consensus'
via "The Daily Swig".
Contentious edge case activities are no excuse for further delaying of 'much overdue' reform, say campaigners.
With Plunge in Value, Cryptocurrency Crimes Decline in 2022
via "Dark Reading".
Cybercrime has been funded with cryptocurrency, but the valuation of various digital currencies has dropped by more than two-thirds and cybercriminals are feeling the pinch.