🗓️ Vulnerability in Apache Pulsar allowed manipulator-in-the-middle attacks 🗓️
📖 Read
via "The Daily Swig".
Clients vulnerable due to improper certificate validation📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Vulnerability in Apache Pulsar allowed manipulator-in-the-middle attacks
Clients vulnerable due to improper certificate validation
🛠 nfstream 6.5.2 🛠
📖 Read
via "Packet Storm Security".
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.📖 Read
via "Packet Storm Security".
Packetstormsecurity
nfstream 6.5.2 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 Suricata IDPE 6.0.8 🛠
📖 Read
via "Packet Storm Security".
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Suricata IDPE 6.0.8 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
‼ CVE-2022-40083 ‼
📖 Read
via "National Vulnerability Database".
Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22524 ‼
📖 Read
via "National Vulnerability Database".
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services .📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22522 ‼
📖 Read
via "National Vulnerability Database".
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40912 ‼
📖 Read
via "National Vulnerability Database".
ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable to Cross Site Scripting (XSS). Input passed to the GET parameter 'action' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22523 ‼
📖 Read
via "National Vulnerability Database".
An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context of an unauthorised user if free-access is disabled.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28816 ‼
📖 Read
via "National Vulnerability Database".
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40082 ‼
📖 Read
via "National Vulnerability Database".
Hertz v0.3.0 ws discovered to contain a path traversal vulnerability via the normalizePath function.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22526 ‼
📖 Read
via "National Vulnerability Database".
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a missing authentication allows for full access via API.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-39261 ‼
📖 Read
via "National Vulnerability Database".
Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates' directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28813 ‼
📖 Read
via "National Vulnerability Database".
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of an SQL-injection to gain access to a volatile temporary database with the current states of the device.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40942 ‼
📖 Read
via "National Vulnerability Database".
Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow via compare_parentcontrol_time.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22525 ‼
📖 Read
via "National Vulnerability Database".
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28811 ‼
📖 Read
via "National Vulnerability Database".
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to execute arbitrary OS commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28815 ‼
📖 Read
via "National Vulnerability Database".
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy server was discovered to contain a SQL injection vulnerability allowing an attacker to query other tables of the Sentilo service.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43980 ‼
📖 Read
via "National Vulnerability Database".
The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28814 ‼
📖 Read
via "National Vulnerability Database".
Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 was discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read arbitrary files and gain full control of the device.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28812 ‼
📖 Read
via "National Vulnerability Database".
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain SuperUser access to the device.📖 Read
via "National Vulnerability Database".
🕴 The Countdown to DORA 🕴
📖 Read
via "Dark Reading".
With provisional agreement reached on the Digital Operational Resilience Act, the clock is now ticking for banks and information and communications technology (ICT) services companies with European operations. Here's what you need to know.📖 Read
via "Dark Reading".
Dark Reading
The Countdown to DORA
With provisional agreement reached on the Digital Operational Resilience Act, the clock is now ticking for banks and information and communications technology (ICT) services companies with European operations. Here's what you need to know.