641 matches found

CISA KEV Catalog
added 2023/05/01 12:0 a.m. · 50 views

TP-Link Archer AX-21 Command Injection Vulnerability

TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution...

CVSS 8.8 · AI score 9.4 · EPSS 0.99999
In wild · Exploits 7

vulnersOsv
added 2023/03/31 9:30 p.m. · 1 view

ax-env (>=0.2.2 <=0.3.1), fb-sapp (>=0.5.3 <=0.5.4) +4 more potentially affected by CVE-2022-4899 via zstd (>=1.4.4.0 <=1.5.2.6)

zstd PYPI version =1.4.4.0, =0.2.2, =0.5.3, =0.0.1a0, =1.0.0, =1.3.0 Source cves: CVE-2022-4899 Source advisory: OSV:GHSA-5C9C-6X87-F9VM...

CVSS 7.5 · AI score 6.7 · EPSS 0.01588
Exploits 0

vulnersOsv
added 2023/03/31 8:15 p.m. · 2 views

ax-env (>=0.2.2 <=0.3.1), fb-sapp (>=0.5.3 <=0.5.4) +4 more potentially affected by CVE-2022-4899 via zstd (>=1.4.4.0 <=1.5.2.6)

zstd PYPI version =1.4.4.0, =0.2.2, =0.5.3, =0.0.1a0, =1.0.0, =1.3.0 Source cves: CVE-2022-4899 Source advisory: OSV:PYSEC-2023-121...

CVSS 7.5 · AI score 6.7 · EPSS 0.01588
Exploits 0

Tenable Nessus
added 2023/03/28 12:0 a.m. · 38 views

CBL Mariner 2.0 Security Update: kernel (CVE-2022-1204)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-1204 advisory. - A use-after-free flaw was found in the Linux kernel's Amateur Radio AX.25 protocol functionality in the way a...

CVSS 5.5 · AI score 6.7 · EPSS 0.00385
Exploits 1 · References 2

Tenable Nessus
added 2023/03/28 12:0 a.m. · 28 views

CBL Mariner 2.0 Security Update: kernel (CVE-2022-1205)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-1205 advisory. - A NULL pointer dereference flaw was found in the Linux kernel's Amateur Radio AX.25 protocol functionality in...

CVSS 4.7 · AI score 6.5 · EPSS 0.00355
Exploits 1 · References 2

Tenable Nessus
added 2023/03/21 12:0 a.m. · 40 views

Tridium Niagara AX Insufficiently Protected Credentials (CVE-2012-4028)

Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-o...

CVSS 7.8 · AI score 5.8 · EPSS 0.01626
Exploits 0 · References 5

Tenable Nessus
added 2023/03/21 12:0 a.m. · 19 views

Tridium Niagara AX Insufficiently Protected Credentials (CVE-2012-3025)

The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network. This plugin only works with Tenable.ot. Please visit...

CVSS 5 · AI score 5.5 · EPSS 0.01925
Exploits 0 · References 3

Tenable Nessus
added 2023/03/21 12:0 a.m. · 55 views

Tridium Niagara AX Path Traversal (CVE-2012-4027)

Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file. This plugin only works with Tenable.ot. Please visit...

CVSS 5 · AI score 5.8 · EPSS 0.02542
Exploits 0 · References 5

Tenable Nessus
added 2023/03/21 12:0 a.m. · 13 views

Tridium Niagara Enterprise Security, Niagara AX, and Niagara 4 Improper Neutralization of Input During Web Page Generation (CVE-2018-18985)

In Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4, a cross-site scripting vulnerability has been identified that may all...

CVSS 5.4 · AI score 5.5 · EPSS 0.00973
Exploits 0 · References 3

Tenable Nessus
added 2023/03/21 12:0 a.m. · 34 views

Tridium Niagara AX Improper Authentication (CVE-2012-3024)

Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more informatio...

CVSS 5 · AI score 5.4 · EPSS 0.02198
Exploits 0 · References 3

Tenable Nessus
added 2023/03/21 12:0 a.m. · 31 views

Tridium Niagara Improper Authentication (CVE-2017-16748)

An attacker can log into the local Niagara platform Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior using a disabled account name and a blank password, granting the attacker administrator access to the Niagara system. This plugin only works with Tenable.o...

CVSS 9.8 · AI score 8.4 · EPSS 0.05144
Exploits 0 · References 4

Tenable Nessus
added 2023/03/21 12:0 a.m. · 45 views

Tridium Niagara AX Path Traversal (CVE-2012-4701)

Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature. This plugin only works with Tenable.ot. Please visit...

CVSS 9.3 · AI score 5.9 · EPSS 0.06367
Exploits 0 · References 3

Positive Technologies
added 2023/02/23 12:0 a.m. · 2 views

PT-2023-19481 · Tenda · Tenda Ax3

Name of the Vulnerable Software and Affected Versions: Tenda AX3 version 16.03.12.11 Description: A stack overflow issue was discovered via the timeType function at the "/goform/SetSysTimeCfg" API endpoint. Recommendations: For Tenda AX3 version 16.03.12.11, consider disabling access to the...

CVSS 9.8 · AI score 9.5 · EPSS 0.01056
Exploits 1 · References 4

hivepro
added 2023/01/27 1:5 p.m. · 15 views

Similarities between hacktivist groups reveal Iranian connection

COBALT SAPLING is a threat actor group that is believed to be Iranian in origin. The group has been found to operate multiple hacktivist group personas, including Moses Staff and Abraham's Ax. Researchers...

AI score 2.4
Exploits 0

The Hacker News
added 2023/01/26 2:34 p.m. · 2 views

Researchers Uncover Connection b/w Moses Staff and Emerging Abraham's Ax Hacktivists Group

New research has linked the operations of a politically motivated hacktivist group known as Moses Staff to another nascent threat actor named Abraham's Ax that emerged in November 2022. This is based on "several commonalities across the iconography, videography, and leak sites used by the groups,...

AI score 6.4
Exploits 0

The Hacker News
added 2023/01/26 2:34 p.m. · 29 views

Researchers Uncover Connection b/w Moses Staff and Emerging Abraham's Ax Hacktivists Group

New research has linked the operations of a politically motivated hacktivist group known as Moses Staff to another nascent threat actor named Abraham's Ax that emerged in November 2022. This is based on "several commonalities across the iconography, videography, and leak sites used by the groups,...

AI score 1
Exploits 0

vulnersOsv
added 2022/11/21 11:51 p.m. · 5 views

aimodelshare (>=0.0.157 <=0.1.0), aliby (>=0.1.18 <=0.1.55) +69 more potentially affected by unknown CVE via tensorflow (>=2.9.0 <=2.9.2)

tensorflow PYPI version =2.9.0, =0.0.157, =0.1.18, =0.1.11, =0.30.0, =0.2.6, =0.0.1, =1.0.0, =0.0.0, =4.8.2, =0.9.0, =0.99.1 - cvt-tensorflow =1.1.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-XF83-Q765-XM6M...

AI score 5.8
Exploits 0

OpenVAS
added 2022/10/03 12:0 a.m. · 26 views

Ubuntu: Security Advisory (USN-5650-1)

The remote host is missing an update for the...

CVSS 7.8 · AI score 7.6 · EPSS 0.05561
Exploits 8 · References 2

OSV
added 2022/09/30 9:51 p.m. · 10 views

USN-5650-1 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities

It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33655) It was...

CVSS 7.8 · AI score 6.9 · EPSS 0.05561
Exploits 8 · References 15

vulnersOsv
added 2022/09/16 10:20 p.m. · 7 views

acuity (=6.18.0), acuitypro (=6.18.0) +60 more potentially affected by CVE-2022-35972 via tensorflow (>=2.8.0 <=2.8.0rc1)

tensorflow PYPI version =2.8.0, =1.2.8, =1.0.43, =0.2.2, =0.0.1, =0.0.2, =0.2.8, =0.14.0, =0.1.3, =0.0.9, =0.2.27, =0.2.41 - complaintclassify =0.0.5 - conversational-sentence-encoder =0.0.6 and more Source cves: CVE-2022-35972 Source advisory: OSV:GHSA-4PC4-M9MJ-V2R9...

CVSS 7.5 · AI score 7.1 · EPSS 0.00391
Exploits 0