Altai IX500 Security Vulnerability
Altai IX500 is an indoor wireless access point from Altai. A security vulnerability exists in the Altai IX500. An attacker could exploit the vulnerability to gain unauthorized access, steal data, and launch network attacks...
CVE-2024-51398
The CVE-2024-51398 entry concerns Altai X500 Indoor 22 802.11ac Wave 2 AP web management with a weak password leakage vulnerability. Connected sources identify the affected product as Altai X500 Indoor 22 802.11ac Wave 2 AP and describe a weakness in the web management interface that could allow ...
CVE-2024-51398
Altai Technologies Ltd Altai X500 Indoor 22 802.11ac Wave 2 AP web management: a weak-password leak in the back end may lead to unauthorized access, data theft, and network attacks, seriously threatening network security...
Fortinet Fortigate Lack of certificate verification when establishing secure connections (FG-IR-18-292)
The version of Fortigate installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-18-292 advisory. - An improper certificate validation vulnerability (CWE-295) in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer...
Planet Fitness Workouts mobile apps do not properly validate TLS certificates
1. RISK EVALUATION: The Planet Fitness Workouts iOS and Android mobile apps are vulnerable to network attacks due to improper TLS certificate validation, allowing an attacker to obtain session tokens and sensitive information. This issue was fixed in version 9.8.12. 2. RECOMMENDED PRACTICES: Upgrade...
CVE-2024-5328 SSRF Vulnerability in lunary-ai/lunary
A Server-Side Request Forgery (SSRF) vulnerability exists in the lunary-ai/lunary application, specifically within the endpoint '/auth/saml/tto/download-idp-xml'. The vulnerability arises due to the application's failure to validate user-supplied URLs before using them in server-side requests. An...
CentOS 9 : kernel-5.14.0-347.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-347.el9 build changelog. - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious conte...
Cybercriminals Weaponizing Open-Source SSH-Snake Tool for Network Attacks
A recently open-sourced network mapping tool called SSH-Snake has been repurposed by threat actors to conduct malicious activities. "SSH-Snake is a self-modifying worm that leverages SSH credentials discovered on a compromised system to start spreading itself throughout the network," Sysdig...
TunnelCrack Vulnerabilities
SonicWall PSIRT is aware of a research publication that outlines a series of attacks known as 'TunnelCrack' vulnerabilities. These attacks occur when VPN client traffic leaks outside of the secure VPN tunnel, typically happening when clients connect to untrusted networks, like rogue Wi-Fi access...
PT-2023-3965
Name of the vulnerable software and affected versions: Oracle Java SE version 8u371. Description: The issue is related to a vulnerability in the JavaFX component of Oracle Java SE, allowing an unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successfu...
Video: How Talos’ open-source tools can assist anyone looking to improve their security resilience
Cisco Talos' remit is not just to protect our customers from cyber attacks. We also strive to make the internet a better and safer place. That's one of the reasons why we create and release open-source software, for free. These tools are available to anyone in the security community to enhance thei...
Oracle Linux 8 : php:7.4 (ELSA-2023-2903)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2903 advisory. - CVE-2015-2331: integer overflow when processing ZIP archives 1204676,1204677 - fixes for CVE-2012-1162 and CVE-2012-1163 - fix: due to an integer...
OpenJDK: certificate validation issue in TLS session negotiation (8298310)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit...
CVE-2023-27495 Bypass of CSRF protection in the presence of predictable userInfo in @fastify/csrf-protection
@fastify/csrf-protection is a plugin which helps protect Fastify servers against CSRF attacks. The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed from network and same-site attackers under certain conditions...
Security Bulletin: IBM MQ is affected by a vulnerability in Apache Commons Net (CVE-2021-37533)
Summary: IBM MQ Managed File Transfer is affected by a vulnerability in Apache Commons Net. Vulnerability Details: CVEID: CVE-2021-37533. DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with the FTP client trusting the host from PASV...
Why Attackers Target the Healthcare Industry
Key Takeaways: Personal health information (PHI) is an incredibly valuable category of personal data. When compromised and sold on the dark web, this data can be sold for thousands of dollars. Healthcare is a valuable target to attackers, including the group Killnet, which targeted healthcare sites...
CVE-2022-44037
An access control issue in APsystems ENERGY COMMUNICATION UNIT ECU-C Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating, allowing them to perform multiple...
CVE-2021-35246 Unprotected Transport of Credentials (HSTS) Vulnerability
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users...
Security Bulletin: RMI vulnerability in Java, as used with WebSphere eXtreme Scale
Abstract: A security vulnerability in the Remote Method Invocation component of the Java Runtime Environment allows unauthenticated network attacks which can result in unauthorized operating system takeover including arbitrary code execution. Content: VULNERABILITY DETAILS: CVE-2013-1537 A...