🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
CVE-2022-33178

A vulnerability in the RADIUS authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch.

📖 Read

via "National Vulnerability Database".
CVE-2022-33183

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform a stack buffer overflow using the "firmwaredownload" and "diagshow" commands.

📖 Read

via "National Vulnerability Database".
CVE-2022-33184

A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account.

📖 Read

via "National Vulnerability Database".
CVE-2022-28169

Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low-privilege Webtools user to gain elevated admin rights or privileges beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin and operator authorization headers sent unencrypted and editing a user addition request to use the operator's authorization header.

📖 Read

via "National Vulnerability Database".
CVE-2022-33180

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export sensitive files with "seccryptocfg" and "configupload".

📖 Read

via "National Vulnerability Database".
CVE-2022-33179

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with "set context" and escalate privileges.

📖 Read

via "National Vulnerability Database".
CVE-2022-28170

Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file.

📖 Read

via "National Vulnerability Database".
CVE-2022-33182

A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated user to escalate its privilege to root using the switch commands "supportlink", "firmwaredownload", "portcfgupload", "license", and "fosexec".

📖 Read

via "National Vulnerability Database".
Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now!

Ventura hits the market with 112 patches, Catalina's gone missing, and iPhones and iPads get a critical kernel-level zero-day patch...

📖 Read

via "Naked Security".
Clearview AI image-scraping face recognition service hit with €20m fine in France

"We told you to stop but you ignored us," said the French regulator, "so now we're coming after you again."

📖 Read

via "Naked Security".
CVE-2022-43750

drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.

📖 Read

via "National Vulnerability Database".
CVE-2022-43747

baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in 2022 R2.

📖 Read

via "National Vulnerability Database".
CVE-2022-31256

An Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from the user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1.

📖 Read

via "National Vulnerability Database".
CVE-2022-25849

All versions of the package joyqi/hyper-down from 0.0.0 are vulnerable to Cross-site Scripting (XSS) because the markdown parsing module does not properly filter the href attribute.

📖 Read

via "National Vulnerability Database".
🕴 Dark Reading Launches New Section Dedicated to ICS/OT Security 🕴

ICS/OT Security joins the lineup of 14 cybersecurity topic sections on the media site.

📖 Read

via "Dark Reading".
🕴 Top 10 Kubernetes Security Risks Every DevSecOps Pro Should Know 🕴

The mission to run any containerized application on any infrastructure makes security a challenge on Kubernetes.

📖 Read

via "Dark Reading".
🕴 Baltimore/Washington International Thurgood Marshall Airport Selects Telos to Process Background Checks for Aviation Workers 🕴

Telos' aviation channeling service offers increased efficiency and flexibility in credentialing operations at the busiest airport in the Washington-Baltimore region.

📖 Read

via "Dark Reading".
🛠 nfstream 6.5.3 🛠

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.

📖 Read

via "Packet Storm Security".
🕴 Rezilion Vulnerability Scanner Benchmark Report Finds Top Scanners Only 73% Accurate 🕴

Majority of vulnerability scanner tools overwhelming teams with false positives and missing exploitable vulnerabilities.

📖 Read

via "Dark Reading".
🕴 Open Source Is Just the Tip of the Iceberg in Software Supply Chain Security 🕴

As more of the software stack consists of third-party code, it's time for a more-advanced open source vetting system.

📖 Read

via "Dark Reading".
🕴 BlackBerry Launches Cyber Threat Intelligence Service to Strengthen Cyber Defenses 🕴

New service from BlackBerry's Threat Research and Intelligence Team reduces unknowns to enhance detection and response.

📖 Read

via "Dark Reading".