βΌ CVE-2022-2484 βΌ
π Read
via "National Vulnerability Database".
The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs.π Read
via "National Vulnerability Database".
βΌ CVE-2018-25068 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.java. The manipulation leads to insecure temporary file. The attack can be initiated remotely. Upgrading to version 4.5.1 is able to address this issue. The name of the patch is 77a820bac2f68e662ce261ecb050c643bd7ee560. It is recommended to upgrade the affected component. VDB-217570 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44939 βΌ
π Read
via "National Vulnerability Database".
Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL.π Read
via "National Vulnerability Database".
βΌ CVE-2018-25067 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in JoomGallery up to 3.3.3. This affects an unknown part of the file administrator/components/com_joomgallery/views/config/tmpl/default.php of the component Image Sort Handler. The manipulation leads to sql injection. Upgrading to version 3.3.4 is able to address this issue. The name of the patch is dc414ee954e849082260f8613e15a1c1e1d354a1. It is recommended to upgrade the affected component. The identifier VDB-217569 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40201 βΌ
π Read
via "National Vulnerability Database".
Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to a Stack-Based Buffer Overflow when a malformed design (DGN) file is parsed. This may allow an attacker to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41613 βΌ
π Read
via "National Vulnerability Database".
Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-Bounds Read when when parsing DGN files, which may allow an attacker to crash the product, disclose sensitive information, or execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2482 βΌ
π Read
via "National Vulnerability Database".
A vulnerability exists in NokiaΓ’β¬β’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader.π Read
via "National Vulnerability Database".
βΌ CVE-2013-10008 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in sheilazpy eShop. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. The name of the patch is e096c5849c4dc09e1074104531014a62a5413884. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217572.π Read
via "National Vulnerability Database".
βΌ CVE-2014-125052 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in JervenBolleman sparql-identifiers and classified as critical. This issue affects some unknown processing of the file src/main/java/org/identifiers/db/RegistryDao.java. The manipulation leads to sql injection. The name of the patch is 44bb0db91c064e305b192fc73521d1dfd25bde52. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217571.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2483 βΌ
π Read
via "National Vulnerability Database".
The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device.π Read
via "National Vulnerability Database".
π΄ In Memoriam: Remembering Those Who Passed π΄
π Read
via "Dark Reading".
Security stands on the shoulders of giants. We take a moment to remember their contributions toward keeping people, data, and systems safe.π Read
via "Dark Reading".
Dark Reading
In Memoriam: Remembering Those Who Passed
Security stands on the shoulders of giants. We take a moment to remember their contributions toward keeping people, data, and systems safe.
βΌ CVE-2022-45911 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur on the Classic UI login page by injecting arbitrary JavaScript code in the username field. This occurs before the user logs into the system, which means that even if the attacker executes arbitrary JavaScript, they will not get any sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45913 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via one of attributes in webmail URLs to execute arbitrary JavaScript code, leading to information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2014-125053 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has been declared as critical. This vulnerability affects unknown code of the file include/guestbook.inc.php of the component Navigation Bar. The manipulation of the argument start leads to sql injection. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is 0cdd1c388edf15089c3a7541cefe7756e560581d. It is recommended to upgrade the affected component. VDB-217582 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
π’ Play ransomware gang behind recent cyber attack on Rackspace π’
π Read
via "ITPro".
Rackspace said that βmore than halfβ of affected customers have regained access to data in the wake of the attackπ Read
via "ITPro".
ITPro
Play ransomware gang behind recent cyber attack on Rackspace
Rackspace said that βmore than halfβ of affected customers have regained access to data in the wake of the attack
π’ The IT Pro Podcast: Going passwordless π’
π Read
via "ITPro".
Something you are, or something you have, could be more important than a password you know in the near futureπ Read
via "ITPro".
ITPro
The IT Pro Podcast: Going passwordless
Something you are, or something you have, could be more important than a password you know in the near future
π±1
π’ Research: Luxury cars and emergency services vehicles vulnerable to remote takeover π’
π Read
via "ITPro".
A "global API issue" has been highlighted through months-long research into brands such as Ferrari and Mercedes-Benz, leaving owners open to hacking, account takeovers, and moreπ Read
via "ITPro".
ITPro
Research: Luxury cars and emergency services vehicles vulnerable to remote takeover
A "global API issue" has been highlighted through months-long research into brands such as Ferrari and Mercedes-Benz, leaving owners open to hacking, account takeovers, and more
π’ Cyber attack on car dealership Arnold Clark forces systems offline π’
π Read
via "ITPro".
The company was notified on 23 December about the suspicious incident and IT systems remain down, impacting customer-facing servicesπ Read
via "ITPro".
ITPro
Cyber attack on car dealership Arnold Clark forces systems offline
The company was notified on 23 December about the suspicious incident and IT systems remain down, impacting customer-facing services
π’ Podcast transcript: Going passwordless π’
π Read
via "ITPro".
Read the full transcript for this episode of the IT Pro Podcastπ Read
via "ITPro".
ITPro
Podcast transcript: Going passwordless
Read the full transcript for this episode of the IT Pro Podcast
π’ Rapid7 hires whistleblower Peiter "Mudge" Zatko a year after Twitter sacking π’
π Read
via "ITPro".
Zatko will advise clients at the security firm, in his first public role since launching his whistleblower campaign against Twitterπ Read
via "ITPro".
ITPro
Rapid7 hires whistleblower Peiter "Mudge" Zatko a year after Twitter sacking
Zatko will advise clients at the security firm, in his first public role since launching his whistleblower campaign against Twitter
π1