176 matches found
Metasploit Weekly Wrap-Up
BYOS: Bring your own stager We try hard to make sure we have a great choice of fully-functional payloads to choose from, but sometimes you might want to “branch” out on your own, and if that’s the case we’ve got you covered. In an attempt to make Metasploit play well with others, we’ve introduced...
CVE-2020-4926
A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191600...
Code injection
A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191600...
CVE-2020-4926
A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191600...
Authentication flaw
Improper authentication vulnerability in the communication protocol provided by AD Automation Design server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions...
CVE-2022-26034
The CVE-2022-26034 issue affects Yokogawa CENTUM VP family and B/M9000 VP (notably CENTUM VP R6.01.10–R6.09.00; B/M9000 VP R8.01.01–R8.03.01; and ProSafe-RS up to R4.07.00 if RS4E5000 is installed). The root cause is improper authentication in the AD server’s communication protocol, enabling an a...
CVE-2022-26034
Improper authentication vulnerability in the communication protocol provided by AD Automation Design server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions...
USN-5377-1: Linux kernel (BlueField) vulnerabilities
It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-1055 Yiqi Sun and Kevin Wang discovered that the...
PT-2022-1913
Name of the Vulnerable Software and Affected Versions PJSIP affected versions not specified Description The issue is related to a stack overflow in the PJSUA API when calling the pjsua playlist create function. An attacker-controlled file names argument may cause a buffer overflow since it is...
CVE-2021-35533
Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface BCI IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted messag...
Cybersecurity Experts Warn of a Rise in Lyceum Hacker Group Activities in Tunisia
A threat actor, previously known for striking organizations in the energy and telecommunications sectors across the Middle East as early as April 2018, has evolved its malware arsenal to strike two entities in Tunisia. Security researchers at Kaspersky, who presented their findings at the...
CVE-2021-27499
Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application layer encryption of the communication protocol between the Ypsomed mylife App and mylife Cloud uses non-random IVs, which allows...
CVE-2021-27503
Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application encrypts on the application layer of the communication protocol between the Ypsomed mylife App and mylife Cloud credentials based on...
Code injection
Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application layer encryption of the communication protocol between the Ypsomed mylife App and mylife Cloud uses non-random IVs, which allows...
CVE-2021-27503
CVE-2021-27503 affects Ypsomed mylife Cloud (all versions before 1.7.2) and mylife App (before 1.7.5). The root cause is encryption at the application layer based on hard-coded secrets in the client–server protocol, which can enable man-in-the-middle tampering of messages. The Red Hat and other s...
CVE-2021-27503
Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application encrypts on the application layer of the communication protocol between the Ypsomed mylife App and mylife Cloud credentials based on...
CVE-2021-27499
Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application layer encryption of the communication protocol between the Ypsomed mylife App and mylife Cloud uses non-random IVs, which allows...
CVE-2021-27499
Summary: CVE-2021-27499 affects Ypsomed mylife Cloud (pre-1.7.2) and mylife App (pre-1.7.5). The root cause is use of non-random IVs in the CBC-mode encryption of the communication protocol between the mylife App and mylife Cloud, allowing an attacker to tamper with messages and potentially affec...
Ypsomed mylife App trust management issue vulnerability
Ypsomed mylife App is an application of Ypsomed AG. To optimize communication between people with diabetes and healthcare professionals, mylife Therapy Management is an easy-to-use, easy-to-share solution for diabetes therapy data. mylife App is vulnerable to a trust management issue, which stems...
CVE-2020-27269
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate attackers to replay communication sequences...