‼ CVE-2021-38363 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in ONOS 2.5.1. In IntentManager, the install-requested intent (which causes an exception) remains in pendingMap (in memory) forever. Deletion is possible neither by a user nor by the intermittent Intent Cleanup process.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29609 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in ONOS 2.5.1. An intent with the same source and destination shows the INSTALLING state, indicating that its flow rules are installing. Improper handling of such an intent is misleading to a network operator.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24035 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in ONOS 2.5.1. The purge-requested intent remains on the list, but it does not respond to changes in topology (e.g., link failure). In combination with other applications, it could lead to a failure of network management.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29607 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in ONOS 2.5.1. Modification of an existing intent to have the same source and destination shows the INSTALLED state without any flow rule. Improper handling of such an intent is misleading to a network operator.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29944 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of paths installed by intents. An existing intents does not redirect to a new path, even if a new intent that shares the path with higher priority is installed.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29608 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in ONOS 2.5.1. An intent with a port that is an intermediate point of its path installs an invalid flow rule, causing a network loop.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38364 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of flow rules installed by intents. A remote attacker can install or remove a new intent, and consequently modify or delete the existing flow rules related to other intents.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29605 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in ONOS 2.5.1. IntentManager attempts to install the IPv6 flow rules of an intent into an OpenFlow 1.0 switch that does not support IPv6. Improper handling of the difference in capabilities of the intent and switch is misleading to a network operator.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29606 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is misleading to a network operator. Improper handling of such port numbers causes inconsistency between intent and flow rules in the network.📖 Read
via "National Vulnerability Database".
âš Ex-CEO of breached pyschotherapy clinic gets prison sentence for bad data security âš
📖 Read
via "Naked Security".
Did the sentence fit the crime? Read the backstory, and then have your say in our comments! (You may post anonymously.)📖 Read
via "Naked Security".
Naked Security
Ex-CEO of breached pyschotherapy clinic gets prison sentence for bad data security
Did the sentence fit the crime? Read the backstory, and then have your say in our comments! (You may post anonymously.)
🕴 Global Spyware Attacks Spotted Against Both New & Old iPhones 🕴
📖 Read
via "Dark Reading".
Campaigns that wielded NSO Group's Pegasus against high-risk users over a six-month period demonstrate the growing sophistication and relentless nature of spyware actors.📖 Read
via "Dark Reading".
Dark Reading
Global Spyware Attacks Spotted Against Both New & Old iPhones
Campaigns that wielded NSO Group's Pegasus against high-risk users over a six-month period demonstrate the growing sophistication and relentless nature of spyware actors.
‼ CVE-2023-22309 ‼
📖 Read
via "National Vulnerability Database".
Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk Appliance before 1.6.4.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29926 ‼
📖 Read
via "National Vulnerability Database".
PowerJob V4.3.2 has unauthorized interface that causes remote code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46302 ‼
📖 Read
via "National Vulnerability Database".
Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL) allowing an attacker to perform remote code execution with root privileges on the underlying host.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27652 ‼
📖 Read
via "National Vulnerability Database".
An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges cause a denial of service via the update_info field of the _default_.xml file.📖 Read
via "National Vulnerability Database".
🕴 Tech Insight: Dangers of Using Large Language Models Before They Are Baked 🕴
📖 Read
via "Dark Reading".
Today's LLMs pose too many trust and security risks.📖 Read
via "Dark Reading".
Dark Reading
Expert Insight: Dangers of Using Large Language Models Before They Are Baked
Today's LLMs pose too many trust and security risks.
🕴 Twitter's 2FA Policy Is a Call for Passkey Disruption 🕴
📖 Read
via "Dark Reading".
Overcoming the limitations of consumer MFA with a new flavor of passwordless.📖 Read
via "Dark Reading".
Dark Reading
Twitter's 2FA Policy Is a Call for Passkey Disruption
Overcoming the limitations of consumer MFA with a new flavor of passwordless.
âš S3 Ep131: Can you really have fun with FORTRAN? âš
📖 Read
via "Naked Security".
Loop-the-loop in this week's episode. Entertaining, educational and all in plain English. Transcript inside.📖 Read
via "Naked Security".
Naked Security
S3 Ep131: Can you really have fun with FORTRAN?
Loop-the-loop in this week’s episode. Entertaining, educational and all in plain English. Transcript inside.
‼ CVE-2023-25601 ‼
📖 Read
via "National Vulnerability Database".
On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0.0 to 3.1.1, you can turn off the python-gateway function by changing the value `python-gateway.enabled=false` in configuration file `application.yaml`. If you are using the python gateway, please upgrade to version 3.1.2 or above.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1255 ‼
📖 Read
via "National Vulnerability Database".
Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The AES-XTS algorithm is usually used for disk encryption. The AES-XTS cipher decryption implementation for 64 bit ARM platform will read past the end of the ciphertext buffer if the ciphertext size is 4 mod 5, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext buffer is unmapped, this will trigger a crash which results in a denial of service. If an attacker can control the size and location of the ciphertext buffer being decrypted by an application using AES-XTS on 64 bit ARM, the application is affected. This is fairly unlikely making this issue a Low severity one.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23938 ‼
📖 Read
via "National Vulnerability Database".
Tuleap is a Free & Source tool for end to end traceability of application and system developments. Affected versions are subject to a cross site scripting attack which can be injected in the name of a color of select box values of a tracker and then reflected in the tracker administration. Administrative privilege is required, but an attacker with tracker administration rights could use this vulnerability to force a victim to execute uncontrolled code in the context of their browser. This issue has been addressed in Tuleap Community Edition version 14.5.99.4. Users are advised to upgrade. There are no known workarounds for this issue.📖 Read
via "National Vulnerability Database".