🛑 Cybersecurity & Privacy 🛑 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2021-26837 ‼

SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute arbitrary code, escalate privileges, and gain sensitive information.

via "National Vulnerability Database".
🕴 'ShroudedSnooper' Backdoors Use Ultra-Stealth in Mideast Telecom Attacks 🕴

The threat cluster hasn't been seen before, but its custom Windows server backdoors have researchers intrigued thanks to their extremely effective stealth mechanisms.

via "Dark Reading".
πŸ‘1
‼ CVE-2023-0773 ‼

The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.

via "National Vulnerability Database".
‼ CVE-2023-2567 ‼

A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way.

via "National Vulnerability Database".
‼ CVE-2023-32184 ‼

An Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen. This issue affects opensuse-welcome: from 0.1 before 0.1.9+git.35.4b9444a.

via "National Vulnerability Database".
‼ CVE-2023-32649 ‼

A Denial of Service (DoS) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets. During the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed.

via "National Vulnerability Database".
‼ CVE-2023-32186 ‼

An Allocation of Resources Without Limits or Throttling vulnerability in SUSE RKE2 allows attackers with access to K3s servers apiserver/supervisor port (TCP 6443) to cause denial of service. This issue affects RKE2: from 1.24.0 before 1.24.17+rke2r1, from v1.25.0 before v1.25.13+rke2r1, from v1.26.0 before v1.26.8+rke2r1, from v1.27.0 before v1.27.5+rke2r1, from v1.28.0 before v1.28.1+rke2r1.

via "National Vulnerability Database".
‼ CVE-2023-29245 ‼

A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application by sending specially crafted malicious network packets. Malicious users with extensive knowledge on the underlying system may be able to extract arbitrary information from the DBMS in an uncontrolled way, or to alter its structure and data.

via "National Vulnerability Database".
πŸ‘1
🦿 How to Create and Use a Docker Secret From a File 🦿

Learn how to create and use a Docker secret from a file for secure storage of sensitive data with this step-by-step tutorial.

via "Tech Republic".
🦿 How to Create and Use a Docker Secret From a File (+Video) 🦿

In this step-by-step tutorial, learn how to create and use a Docker secret to help keep your data secure.

via "Tech Republic".
🕴 Engineering-Grade OT Protection 🕴

The worst-case consequences of cyberattacks are sharply, qualitatively different on IT versus OT networks.

via "Dark Reading".
‼ CVE-2022-47557 ‼

** UNSUPPORTED WHEN ASSIGNED ** Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions.

via "National Vulnerability Database".
‼ CVE-2022-47554 ‼

** UNSUPPORTED WHEN ASSIGNED ** Exposure of sensitive information in ekorCCP and ekorRCI, potentially allowing a remote attacker to obtain critical information from various .xml files, including .xml files containing credentials, without being authenticated within the web server.

via "National Vulnerability Database".
‼ CVE-2022-47553 ‼

** UNSUPPORTED WHEN ASSIGNED ** Incorrect authorisation in ekorCCP and ekorRCI, which could allow a remote attacker to obtain resources with sensitive information for the organisation, without being authenticated within the web server.

via "National Vulnerability Database".
‼ CVE-2023-23957 ‼

An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4.

via "National Vulnerability Database".
‼ CVE-2022-47555 ‼

** UNSUPPORTED WHEN ASSIGNED ** Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor.

via "National Vulnerability Database".
‼ CVE-2023-4092 ‼

SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations and, in some cases, execute commands on the operating system.

via "National Vulnerability Database".
‼ CVE-2022-47558 ‼

** UNSUPPORTED WHEN ASSIGNED ** Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability can allow an attacker to modify critical files that could allow the creation of new users, delete or modify existing users, modify configuration files, install rootkits or backdoors.

via "National Vulnerability Database".
‼ CVE-2022-47556 ‼

** UNSUPPORTED WHEN ASSIGNED ** Uncontrolled resource consumption in ekorRCI, allowing an attacker with low-privileged access to the web server to send continuous legitimate web requests to a functionality that is not properly validated, in order to cause a denial of service (DoS) on the device.

via "National Vulnerability Database".
‼ CVE-2023-41834 ‼

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content into the HTTP response that is sent to the user's browser. Users should upgrade to Apache Flink Stateful Functions version 3.3.0.

via "National Vulnerability Database".
🕴 CapraRAT Impersonates YouTube to Hijack Android Devices 🕴

Pakistani threat group Transparent Tribe targets military and diplomatic personnel in India and Pakistan with romance-themed lures in the latest spyware campaign.

via "Dark Reading".