PT-2022-18704 · Pexip · Pexip Infinity

Name of the Vulnerable Software and Affected Versions: Pexip Infinity versions prior to 27.3 Description: The issue allows remote attackers to trigger a software abort via H.323. Recommendations: For versions prior to 27.3, update to version 27.3 or later to resolve the issue...

PT-2022-18701 · Pexip · Pexip Infinity

Name of the Vulnerable Software and Affected Versions: Pexip Infinity versions prior to 27.3 Description: The issue allows remote attackers to trigger a software abort via One Touch Join. Recommendations: For versions prior to 27.3, update to version 27.3 or later to resolve the issue...

PT-2022-18703 · Pexip · Pexip Infinity

Name of the Vulnerable Software and Affected Versions: Pexip Infinity versions prior to 27.3 Description: The issue allows remote attackers to trigger a software abort via Epic Telehealth. Recommendations: For versions prior to 27.3, update to version 27.3 or later to resolve the issue...

Popular NFT Marketplace Phished for $540M

Axie Infinity, a popular destination for 3 million traders of in-game collectible non-fungible tokens, reportedly lost $540M in cryptocurrency in a recruiting-themed spear phishing attack. The perpetrators of the crime are believed to be an advanced persistent threat group with ties to North...

Hackers Used Fake Job Offer to Hack and Steal $540 Million from Axie Infinity

The $540 million hack of Axie Infinity's Ronin Bridge in late March 2022 was the consequence of one of its former employees getting tricked by a fraudulent job offer on LinkedIn, it has emerged. According to a report from The Block published last week citing two people familiar with the matter, a...

Issues beyond expected behavior.

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. function unstakeuint256 amount external override nonReentrant whenNotPaused requireamount != 0, 'stake amount cant be 0'; uint256 noVesting = userstakedAmountsmsg.senderDuration.NONE.amount; uint256...

Check Point Response to CVE-2022-21449 - Java "Psychic Signatures"

Symptoms - On April 20, 2022, security researcher Neil Madden published a blog post in which he provided details about a newly disclosed vulnerability in Java, CVE-2022-21449 or "Psychic Signatures". This security vulnerability originates in an incorrect implementation of the ECDSA signature...

Lazarus Group Behind $540 Million Axie Infinity Crypto Hack and Attacks on Chemical Sector

The U.S. Treasury Department has implicated the North Korea-backed Lazarus Group aka Hidden Cobra in the theft of $540 million from video game Axie Infinity's Ronin Network last month. On Thursday, the Treasury tied the Ethereum wallet address that received the stolen digital currency to the thre...

infinity-best.com Cross Site Scripting vulnerability OBB-2510195

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Check Point Response to Spring Vulnerabilities CVE-2022-22963, CVE-2022-22946, CVE-2022-22947, CVE-2022-22965 (Spring4Shell), CVE-2022-22950

Solution On March 29, 2022, new CVEs were published on Spring Cloud: CVE-2022-22963, CVE-2022-22946, CVE-2022-22947, and CVE-2022-22950. On March 31, 2022, a bypass to the fix for CVE-2010-1622 was published by Praetorian, and received the nickname "Spring4Shell" see Spring Core on JDK9+ is...

$625m Stolen From Ronin Network – The Blockchain Behind Axie Infinity Game

By Waqas The company is collaborating with the law enforcement agency to recover 173,600 ETH and 25.5 million USDC USD… This is a post from HackRead.com Read the original post: $625m Stolen From Ronin Network - The Blockchain Behind Axie Infinity Game...

Pexip Infinity Trust Management Issue Vulnerability

Pexip Infinity Pexip Video Conferencing Cloud Collaboration Platform is a video conferencing cloud collaboration platform from the Norwegian company Pexip. The product provides high quality and secure cloud conferencing capabilities.A security vulnerability exists in versions of Pexip Infinity...

Pexip Infinity has an unspecified vulnerability (CNVD-2022-20148)

Pexip Infinity Pexip Video Conferencing Cloud Collaboration Platform is a video conferencing cloud collaboration platform from the Norwegian company Pexip. The product provides high quality and secure cloud conferencing capabilities.A security vulnerability exists in versions of Pexip Infinity...

Pexip Infinity licensing issue vulnerability

Pexip Infinity is a cloud collaboration platform for video conferencing from Pexip, a Norwegian company. A security vulnerability exists in Pexip Infinity Connect versions prior to 1.8.0, which stems from the omission of certain resource provisioning authenticity checks. An attacker could exploit...

CVE-2021-29656

Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation. The allow list is not properly checked...

CVE-2022-23228

Pexip Infinity before 27.0 has improper WebRTC input validation. An unauthenticated remote attacker can use excessive resources, temporarily causing denial of service...

CVE-2021-29656

Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation. The allow list is not properly checked...

CVE-2022-23228

Pexip Infinity before 27.0 has improper WebRTC input validation. An unauthenticated remote attacker can use excessive resources, temporarily causing denial of service...

CVE-2022-23228

Pexip Infinity before 27.0 has improper WebRTC input validation. An unauthenticated remote attacker can use excessive resources, temporarily causing denial of service...

CVE-2021-29655

Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus, untrusted code may execute...