
1366 matches found

CNNVD
added 2022/03/11 12:0 a.m. · 1 views

Yokogawa Electric Trust Management Issue Vulnerability

Yokogawa Electric is a server of Yokogawa Electric Yokogawa, a Japanese company. A security vulnerability exists in Yokogawa Electric. The vulnerability stems from Yokogawa Electric not changing the internal Windows account password from the initial configuration. The following products and...

9.8 CVSS · 8.2 AI score · 0.00408 EPSS
Exploits 0 · References 5
OSV
added 2022/03/08 12:15 p.m. · 1 views

CVE-2022-26314

A vulnerability has been identified in Mendix Forgot Password Appstore module All versions = V3.3.0 V3.5.1, Mendix Forgot Password Appstore module Mendix 7 compatible All versions V3.2.2. Initial passwords are generated in an insecure manner. This could allow an unauthenticated remote attacker to...

9.8 CVSS · 7.2 AI score · 0.01706 EPSS
Exploits 1 · References 1
ATTACKERKB
added 2022/03/08 12:15 p.m. · 3 views

CVE-2022-26314

A vulnerability has been identified in Mendix Forgot Password Appstore module All versions = V3.3.0 V3.5.1, Mendix Forgot Password Appstore module Mendix 7 compatible All versions V3.2.2. Initial passwords are generated in an insecure manner. This could allow an unauthenticated remote attacker to...

9.8 CVSS · 5.8 AI score · 0.01706 EPSS
Exploits 1 · References 2
OSV
added 2022/03/04 4:15 p.m. · 1 views

DEBIAN-CVE-2021-23214

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption...

8.1 CVSS · 7.3 AI score · 0.00193 EPSS
Exploits 0 · References 1
OSV
added 2022/03/04 4:15 p.m. · 2 views

AZL-8973 CVE-2021-23214 affecting package postgresql for versions less than 14.2-1

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption...

8.1 CVSS · 7 AI score · 0.00193 EPSS
Exploits 0 · References 1
OSV
added 2022/03/02 11:15 p.m. · 0 views

DEBIAN-CVE-2021-23222

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption...

5.9 CVSS · 6.8 AI score · 0.00281 EPSS
Exploits 0 · References 1
The Hacker News
added 2022/03/01 4:46 p.m. · 18 views

Second New 'IsaacWiper' Data Wiper Targets Ukraine After Russian Invasion

A new data wiper malware has been observed deployed against an unnamed Ukrainian government network, a day after destructive cyber attacks struck multiple entities in the country preceding the start of Russia's military invasion. Slovak cybersecurity firm ESET dubbed the new malware "IsaacWiper,"...

1.1 AI score
Exploits 0
Hive Pro Threat Advisories
added 2022/02/07 2:23 p.m. · 19 views

Iranian state-sponsored APT group MuddyWater targeting organizations via malicious executables

THREAT LEVEL: Red. United States Cyber Command USCYBERCOM has warned of an ongoing cyber attack by Iranian state sponsored actor named as MuddyWater. This APT group is currently targeting Middle Eastern countries and has also targeted European and North American nations. The Iranian-backed...

0.1 AI score
Exploits 0
CNNVD
added 2022/01/20 12:0 a.m. · 4 views

Lexmark Authorization Issue Vulnerability

Lexmark is a family of printers in the United States. An authorization issue vulnerability exists in Lexmark devices, which arises from the product's initial administrative account setup wizard allowing an unauthenticated user's access to the out-of-service erase function...

10 CVSS · 8.3 AI score · 0.0072 EPSS
Exploits 0 · References 4
OSV
added 2022/01/13 4:15 p.m. · 34 views

CVE-2022-23134

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend...

5.3 CVSS · 6.9 AI score · 0.9261 EPSS
Exploits 1 · References 5
AlpineLinux
added 2022/01/13 4:15 p.m. · 121 views

CVE-2022-23134

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend...

5.3 CVSS · 3.7 AI score · 0.9261 EPSS
Exploits 1
Debian CVE
added 2022/01/13 3:50 p.m. · 66 views

CVE-2022-23134

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend...

5.3 CVSS · 3.7 AI score · 0.9261 EPSS
Exploits 1
CNNVD
added 2022/01/13 12:0 a.m. · 3 views

Zabbix Authorization Issue Vulnerability

Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. Zabbix suffers from an authorization issue vulnerability that stems from the fact that after the initial setup process, certain steps in...

5.3 CVSS · 7.2 AI score · 0.9261 EPSS
Exploits 1 · References 7
Krebs on Security
added 2022/01/12 5:17 a.m. · 40 views

Who is the Network Access Broker ‘Wazawaka?’

In a great many ransomware attacks, the criminals who pillage the victim's network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman know...

6.9 AI score
Exploits 0
OSV
added 2022/01/11 7:15 p.m. · 2 views

CVE-2021-43055

The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows clients to inherit the permissions of the client that initially connected on the affected...

8.8 CVSS · 7.3 AI score
Exploits 0 · References 2
ThreatPost
added 2022/01/11 3:0 p.m. · 54 views

‘Fully Undetected’ SysJoker Backdoor Malware Targets Windows, Linux & macOS

A brand-new multiplatform malware, likely distributed via malicious npm packages, is spreading under the radar with Linux and Mac versions going fully undetected in VirusTotal, researchers warned. The Windows version, according to a Tuesday writeup from Intezer, has only six detections as of this...

7.3 AI score
Exploits 0 · References 6
Citrix
added 2021/12/29 12:0 a.m. · 8 views

How to test an application without Citrix Virtual Apps using RDP Initial App

Sometimes an application does not work as desired when published as an application through Citrix Virtual Apps. In the diagnostic process, you might be asked to test the application without Citrix as an RDP Initial App...

7 AI score
Exploits 0
OSV
added 2021/12/25 2:15 a.m. · 0 views

CVE-2021-45488

In NetBSD through 9.2, there is an information leak in the TCP ISN ISS generation algorithm...

7.5 CVSS · 5.8 AI score
Exploits 0 · References 2
CNNVD
added 2021/12/25 12:0 a.m. · 2 views

NetBSD Security Features Issue Vulnerability

NetBSD is an open source Unix-like operating system from the NetBSD Foundation. NetBSD suffers from a security signature issue vulnerability that stems from an information leak in the TCP ISN ISS generation algorithm in NetBSD through 9.2...

7.5 CVSS · 7.3 AI score · 0.00322 EPSS
Exploits 0 · References 3
Positive Technologies
added 2021/12/25 12:0 a.m. · 2 views

PT-2021-24252 · Netbsd · Netbsd

Name of the Vulnerable Software and Affected Versions: NetBSD versions prior to 9.3 Description: The issue is related to an information leak in the TCP ISN ISS generation algorithm. This leak may potentially allow attackers to gather sensitive information. Recommendations: For versions prior to...

7.5 CVSS · 7.3 AI score · 0.00322 EPSS
Exploits 0 · References 5