🕴 Internet Security & Encryption Pioneer Peter Eckersley Passes at 43 🕴
📖 Read
via "Dark Reading".
The founder of Let's Encrypt and an EFF technologist, Eckersley devoted his life's work to making the Internet safer and more secure.
‼ CVE-2022-40111 ‼
📖 Read
via "National Vulnerability Database".
In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128, the root password is hardcoded in the firmware's shadow.sample file.
‼ CVE-2022-37841 ‼
📖 Read
via "National Vulnerability Database".
In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded password for root in /etc/shadow.sample.
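The two TOTOLINK entries above (CVE-2022-40111 and CVE-2022-37841) describe the same firmware defect: a shadow-format file shipped in the image with a fixed root password. When triaging an extracted firmware root, the useful check is whether the root entry carries a real hash, is locked, or is empty. The following is an added example written for this page, not TOTOLINK's code; the sample shadow content and the `$1$...` hash in it are constructed, and the function names are this example's own.

```c
/* Added example (constructed, not vendor code): classify the root entry of a
 * shadow-format file pulled out of a firmware image. A hash in the password
 * field means every unit ships with the same fixed root password. */
#include <stdio.h>
#include <string.h>

enum root_pw_state {
    ROOT_ABSENT    = 0,  /* no "root:" line at all */
    ROOT_LOCKED    = 1,  /* "*", "!", "!!", "*LK*": password login impossible */
    ROOT_EMPTY     = 2,  /* empty field: no password required at all */
    ROOT_HARDCODED = 3   /* a crypt hash ($1$, $5$, $6$, DES): shared fixed password */
};

/* Constructed sample, not taken from any real device; the hash is fake. */
static const char SAMPLE_SHADOW[] =
    "root:$1$aBcDeFgH$abcdefghijklmnopqrstuv:18000:0:99999:7:::\n"
    "daemon:*:18000:0:99999:7:::\n"
    "nobody:!:18000:0:99999:7:::\n";

/* Copy the password field (second colon-separated field) of the line that
 * starts with "<user>:" into out, truncated to outsz-1 bytes.
 * Returns 1 if the user was found, 0 otherwise. */
static int shadow_password_field(const char *shadow, const char *user,
                                 char *out, size_t outsz) {
    size_t ulen = strlen(user);
    const char *line = shadow;
    while (line && *line) {
        const char *eol = strchr(line, '\n');
        size_t llen = eol ? (size_t)(eol - line) : strlen(line);
        /* llen > ulen guarantees line[ulen] lies inside this line */
        if (llen > ulen && strncmp(line, user, ulen) == 0 && line[ulen] == ':') {
            const char *field = line + ulen + 1;
            size_t rest = llen - ulen - 1;
            const char *end = memchr(field, ':', rest);
            size_t flen = end ? (size_t)(end - field) : rest;
            if (flen >= outsz) flen = outsz - 1;
            memcpy(out, field, flen);
            out[flen] = '\0';
            return 1;
        }
        line = eol ? eol + 1 : NULL;
    }
    return 0;
}

enum root_pw_state classify_root(const char *shadow) {
    char pw[256];
    if (!shadow_password_field(shadow, "root", pw, sizeof pw)) return ROOT_ABSENT;
    if (pw[0] == '\0') return ROOT_EMPTY;
    if (pw[0] == '*' || pw[0] == '!') return ROOT_LOCKED;
    return ROOT_HARDCODED;  /* "$6$..." style crypt hash or legacy 13-char DES */
}

int main(void) {
    static const char *names[] = { "absent", "locked", "EMPTY", "HARDCODED" };
    printf("root in sample shadow: %s\n", names[classify_root(SAMPLE_SHADOW)]);
    return 0;
}
```

Run it over every `shadow`, `shadow.sample`, `passwd` and similar file found in the unpacked image; a `ROOT_HARDCODED` or `ROOT_EMPTY` result on a file the init scripts copy into place is the finding these advisories describe.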
‼ CVE-2022-37839 ‼
📖 Read
via "National Vulnerability Database".
TOTOLINK A860R V4.1.2cu.5182_B20201027 is vulnerable to Buffer Overflow via Cstecgi.cgi.
‼ CVE-2022-36584 ‼
📖 Read
via "National Vulnerability Database".
In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, the getsinglepppuser function has a buffer overflow caused by sscanf.
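The Tenda entry above names the bug class but not the mechanism. An `sscanf` overflow almost always comes from a `%s` or `%[...]` conversion with no field width writing into a fixed-size stack buffer. The block below is an added example constructed for this page; it is not Tenda's `getsinglepppuser` and the request format, struct and function names are this example's own assumptions. It shows the unbounded pattern beside a bounded one that also detects truncation, so an over-long field is rejected rather than silently cut.

```c
/* Added example (constructed, not Tenda's code): the sscanf overflow class,
 * with a bounded version that rejects over-long fields instead of truncating. */
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 63   /* must match the literal widths in the safe format string */

struct ppp_user {
    char name[FIELD_MAX + 1];
    char pass[FIELD_MAX + 1];
};

/* VULNERABLE: "%[^,]" and "%s" carry no width, so a field longer than
 * FIELD_MAX bytes runs past the end of the buffers in *out. Never call this
 * with attacker-controlled input; it is here only to show the pattern. */
int parse_ppp_user_unsafe(const char *in, struct ppp_user *out) {
    return sscanf(in, "%[^,],%s", out->name, out->pass) == 2 ? 0 : -1;
}

/* Hardened: explicit widths cap each conversion at FIELD_MAX bytes, and "%n"
 * records how much input was consumed. If bytes remain after both fields,
 * one of them was longer than FIELD_MAX and got truncated, so reject it. */
int parse_ppp_user_safe(const char *in, struct ppp_user *out) {
    int consumed = 0;
    if (sscanf(in, "%63[^,],%63s%n", out->name, out->pass, &consumed) != 2)
        return -1;
    if (in[consumed] != '\0')   /* leftover input: a field exceeded FIELD_MAX */
        return -1;
    return 0;
}

/* Build a request "<name_len x 'A'>,<pass_len x 'B'>" into buf (test helper). */
int make_input(char *buf, size_t bufsz, size_t name_len, size_t pass_len) {
    if (name_len + 1 + pass_len + 1 > bufsz) return -1;
    memset(buf, 'A', name_len);
    buf[name_len] = ',';
    memset(buf + name_len + 1, 'B', pass_len);
    buf[name_len + 1 + pass_len] = '\0';
    return 0;
}

int main(void) {
    struct ppp_user u;
    char req[512];
    make_input(req, sizeof req, 5, 8);
    printf("short request   -> %d (name=%s)\n", parse_ppp_user_safe(req, &u), u.name);
    make_input(req, sizeof req, 200, 8);
    printf("200-byte name   -> %d (rejected, nothing overflowed)\n",
           parse_ppp_user_safe(req, &u));
    /* parse_ppp_user_unsafe(req, &u) on the same input would smash the stack. */
    return 0;
}
```

The `%n` check matters: a width specifier alone stops the overflow but leaves the caller unaware that the value was truncated, which is how a "fixed" parser ends up accepting a mangled credential.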
‼ CVE-2022-40110 ‼
📖 Read
via "National Vulnerability Database".
TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Buffer Overflow via /bin/boa.
‼ CVE-2022-26114 ‼
📖 Read
via "National Vulnerability Database".
An improper neutralization of input during web page generation vulnerability [CWE-79] in the Webmail of FortiMail before 7.2.0 may allow an unauthenticated attacker to trigger a cross-site scripting (XSS) attack via sending specially crafted mail messages.
‼ CVE-2022-37842 ‼
📖 Read
via "National Vulnerability Database".
In TOTOLINK A860R V4.1.2cu.5182_B20201027, the parameters in infostat.cgi are not filtered, causing a buffer overflow vulnerability.
‼ CVE-2021-43076 ‼
📖 Read
via "National Vulnerability Database".
An improper privilege management vulnerability [CWE-269] in FortiADC versions 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5.4.5 and below and 5.3.7 and below may allow a remote authenticated attacker with restricted user profile to modify the system files using the shell access.
‼ CVE-2022-37840 ‼
📖 Read
via "National Vulnerability Database".
In TOTOLINK A860R V4.1.2cu.5182_B20201027, the main function in downloadfile.cgi has a buffer overflow vulnerability.
‼ CVE-2022-40112 ‼
📖 Read
via "National Vulnerability Database".
TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Buffer Overflow via the hostname parameter in binary /bin/boa.
‼ CVE-2022-37843 ‼
📖 Read
via "National Vulnerability Database".
In TOTOLINK A860R V4.1.2cu.5182_B20201027 in cstecgi.cgi, the acquired parameters are directly put into the system for execution without filtering, resulting in a command injection vulnerability.
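"Directly put into the system for execution" is the `system()` pattern common in router CGI binaries: a request parameter is formatted into a shell command string, so `;`, backticks, `$(...)` or `|` in the value run as the CGI's (usually root) user. The block below is an added example constructed for this page, not TOTOLINK's cstecgi.cgi; the `ping` handler, parameter name and function names are this example's assumptions. It puts the injectable handler beside one that allow-lists the value and executes the tool without a shell, and it also rejects a leading `-`, since argument injection into the tool's option parser survives even when no shell is involved.

```c
/* Added example (constructed, not vendor code): shell command injection in a
 * CGI handler, beside a validated, shell-free version. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <sys/wait.h>

/* VULNERABLE: host=8.8.8.8;reboot (or `id`, $(...), |, &&) is handed to
 * /bin/sh because the parameter is spliced into a command string. */
int ping_host_unsafe(const char *host) {
    char cmd[256];
    snprintf(cmd, sizeof cmd, "ping -c 1 %s", host);
    return system(cmd);
}

/* Allow-list check: a hostname or IPv4 literal is letters, digits, '.' and
 * '-', at most 253 bytes, and must not start with '-' (an option to ping).
 * Returns 0 if acceptable, -1 otherwise. */
int validate_host(const char *host) {
    size_t n = strlen(host);
    if (n == 0 || n > 253 || host[0] == '-') return -1;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!(isalnum(c) || c == '.' || c == '-')) return -1;
    }
    return 0;
}

/* Hardened: validate, then fork/execvp with a fixed argv so nothing
 * interprets shell metacharacters. Returns ping's exit status, or -1 if
 * validation, fork or exec fails. */
int ping_host_safe(const char *host) {
    if (validate_host(host) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { "ping", "-c", "1", (char *)host, NULL };
        execvp("ping", argv);
        _exit(127);   /* exec failed: do not fall back into the parent's code */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    const char *inputs[] = { "example.com", "8.8.8.8", "8.8.8.8;reboot", "$(id)", "-f" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("%-16s -> %s\n", inputs[i],
               validate_host(inputs[i]) == 0 ? "accepted" : "rejected");
    return 0;
}
```

Escaping the value for the shell is the wrong fix; removing the shell is the fix. The allow-list is deliberately stricter than the hostname grammar (no underscores, no IPv6 colons) and should be loosened only for characters the downstream tool is known to treat as data.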
‼ CVE-2022-40109 ‼
📖 Read
via "National Vulnerability Database".
TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Insecure Permissions via binary /bin/boa.
‼ CVE-2021-43080 ‼
📖 Read
via "National Vulnerability Database".
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack through the URI parameter via the Threat Feed IP address section of the Security Fabric External connectors.
‼ CVE-2022-31020 ‼
📖 Read
via "National Vulnerability Database".
Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the `pool-upgrade` request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The `pool-upgrade` request handler in Indy-Node 1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are further sanitized to prevent remote code execution. As a workaround, endorsers should not create DIDs for untrusted users. A vulnerable ledger should configure `auth_rules` to prevent new DIDs from being written to the ledger until the network can be upgraded.
🕴 Name That Edge Toon: Mime's the Word 🕴
📖 Read
via "Dark Reading".
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
🕴 As LA Unified Battles Ransomware, CISA Warns About Back-to-School Attacks 🕴
📖 Read
via "Dark Reading".
Hours after Los Angeles Unified School District was hit with a ransomware attack, CISA issued an alert that threat actors are actively targeting the education sector.
‼ CVE-2022-26455 ‼
📖 Read
via "National Vulnerability Database".
In gz, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07177858; Issue ID: ALPS07177858.
‼ CVE-2022-23691 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. A successful exploit allows an attacker to bypass system authentication and achieve total switch compromise in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address this security vulnerability.
‼ CVE-2022-2438 ‼
📖 Read
via "National Vulnerability Database".
The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$log_file' value in versions up to, and including, 1.11.16. This makes it possible for authenticated attackers with administrative privileges and above to reference files through a PHAR wrapper, which deserializes the embedded data and instantiates arbitrary PHP objects that can be used to perform a variety of malicious actions, provided a POP chain is also present. It also requires that the attacker succeed in uploading a file containing the serialized payload.
‼ CVE-2021-39326 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.