PT-2022-19868 · Western Digital · Western Digital My Cloud

Name of the Vulnerable Software and Affected Versions: Western Digital My Cloud versions prior to 5.25.124 Description: The issue is related to an Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices. This vulnerability allows...

CVE-2022-29838

CVE-2022-29838 describes an Improper Authentication vulnerability in the encrypted volumes and auto-mount features of Western Digital My Cloud devices. The issue allows insecure direct access to drive information in the event of a device reset. Affected product: Western Digital My Cloud (Linux) w...

python-scciclient: missing server certificate verification

A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle MITM attacks...

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.4 (python-paramiko) security update

An update for python-paramiko is now available for Red Hat OpenStack Platform 16.2.4 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

DEV-0139 launches targeted attacks against the cryptocurrency industry

Over the past several years, the cryptocurrency market has considerably expanded, gaining the interest of investors and threat actors. Cryptocurrency itself has been used by cybercriminals for their operations, notably for ransom payment in ransomware attacks, but we have also observed threat...

Mozilla Thunderbird Security Advisories (MFSA2022-50, MFSA2022-50) - Windows

Mozilla Thunderbird is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

The 5 Core Principles of the Zero-Trust Cybersecurity Model

When even the US Government concludes that to ensure baseline security practices are in place and to realize the security benefits of cloud-based infrastructure while mitigating associated risks, they must migrate to a zero-trust model, every organization should be actively moving in that...

XWiki Platform 安全漏洞

XWiki Platform is the French company XWiki's set of Wiki platform for creating Web collaboration applications. An input validation error vulnerability exists in XWiki Platform that stems from not properly clearing obfuscated entries. An attacker could exploit this vulnerability to obtain encrypte...

libguestfs security, bug fix, and enhancement update

1.48.4-2.0.1 - Add btrfs-progs to the packages installed in the appliance Orabug: 34137448 - Replace upstream references from a description tag - Fix build on Oracle Linux Orabug: 29319324 - Set DISTROORACLELINUX correspeonding to ol 1:1.48.4-2 - Rebase to new stable branch version 1.48.4 resolve...

PT-2022-36778 · Unknown · Libarchive

Name of the Vulnerable Software and Affected Versions: libarchive affected versions not specified Description: The issue is related to a heap-buffer-overflow read crash. It occurs in the archive read has encrypted entries function. Recommendations: At the moment, there is no information about a...

Fedora: Security Advisory for krb5 (FEDORA-2022-88cefef88c)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

IBM Sterling Partner Engagement Manager Information Disclosure Vulnerability (CNVD-2022-85417)

An information disclosure vulnerability exists in IBM Sterling Partner Engagement Manager version 2.0, an automated management tool from International Business Machines Corporation IBM. The vulnerability stems from inadequate protection of sensitive information and encrypted storage of locally...

DEV-0569 finds new ways to deliver Royal ransomware, various payloads

Recent activity from the threat actor that Microsoft tracks as DEV-0569, known to distribute various payloads, has led to the deployment of the Royal ransomware, which first emerged in September 2022 and is being distributed by multiple threat actors. Observed DEV-0569 attacks show a pattern of...

DEV-0569 finds new ways to deliver Royal ransomware, various payloads

Recent activity from the threat actor that Microsoft tracks as DEV-0569, known to distribute various payloads, has led to the deployment of the Royal ransomware, which first emerged in September 2022 and is being distributed by multiple threat actors. Observed DEV-0569 attacks show a pattern of...

CVE-2022-34354

IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424...

CVE-2022-34354

IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424...

CVE-2022-34354 IBM Sterling Partner Engagement Manager information disclosure

IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424...

CVE-2022-34354 IBM Sterling Partner Engagement Manager information disclosure

IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424...

CVE-2022-34354

Affected product: IBM Sterling Partner Engagement Manager 2.0. The vulnerability is an information disclosure where encrypted client data stored locally can be read by another user on the same system. Root cause: inadequate protection of locally stored data leading to exposure. Impact: confidenti...

IBM Sterling Partner Engagement Manager 安全漏洞

An information disclosure vulnerability exists in IBM Sterling Partner Engagement Manager version 2.0, an automated management tool from International Business Machines Corporation IBM. The vulnerability stems from inadequate protection of sensitive information and encrypted storage of locally...