1227 matches found
CVE-2022-38788
An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a pairing handshake and, after offline cracking, retrieve the PIN and LTK (long-term key)...
Authentication header is passed on by Nextcloud Server due to a vulnerable GuzzleHTTP version
None...
PT-2022-24567 · Nokia · Nokia Odu +1
Name of the Vulnerable Software and Affected Versions: Nokia FastMile 5G Receiver 5G14-B version 1.2104.00.0281 Description: An issue was discovered in the Bluetooth pairing mechanism of the Nokia ODU, which uses outdated pairing mechanisms. This allows an attacker to passively intercept a pairin...
Twitter security under scrutiny after former executive turns whistleblower
A former Twitter executive has acted as a whistleblower and alleged some serious problems. Provided these accusations are true, the disclosure shows a side of Twitter that poses a threat to its own users' personal information, to company shareholders, to national security, and to democracy...
FreeBSD Security Vulnerability
FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. A security vulnerability exists in FreeBSD. By exploiting this vulnerability, an attacker can read segments of FreeBSD's memory via outdated virtual memory mappings to obtain sensitive information...
Pycord Security Vulnerability
Pycord is a modern, easy-to-use, feature-rich, asynchronous-ready API wrapper open-sourced by Pycord Development. A security vulnerability exists in Pycord versions prior to 2.0.1 that stems from allowing a user to remotely shut down a bot running on Pycord by adding it to a Discord server wit...
Chainlink oracle data feed is not further validated and can return stale answer
Lines of code Vulnerability details Impact Although the protocol recognizes that Chainlink oracles can provide outdated answers, using stale answers without further validation might not be a good practice. Moreover, in the updateExchangeRate function, where the latestRoundData method is used, the...
USN-5473-1: ca-certificates update | Cloud Foundry
usn-5473-1 Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.50 version of the Mozilla certificate authority...
PT-2022-4536 · Unknown · Prestashop
Name of the Vulnerable Software and Affected Versions: PrestaShop versions 1.6.0.10 through 1.7.x before 1.7.8.2 Description: The issue is related to a lack of protection against SQL injection attacks, allowing remote attackers to execute arbitrary code. This vulnerability has been exploited in t...
Warning for WordPress admins: uninstall the Modern WPBakery plugin immediately!
WordPress admins are being warned to remove a buggy plugin or risk a total site takeover. This particular threat relates to a plugin which is no longer in use: Modern WPBakery page builder addons. The vulnerability in the plugin, known as CVE-2021-24284, allows "unauthenticated arbitrary file...
Stale prices can be used by the system
Lines of code Vulnerability details updatedAt field of Chainlink's latestRoundData isn't checked, so even substantially outdated price will be used by the system. Proof of Concept Price is the only field that is read from Chainlink: function currentPriceuint256 decimals external view override...
Top Six Security Bad Habits, and How to Break Them
Cybercrime is on the rise, and attacks are getting faster, more nuanced and increasingly sophisticated. The number of cyberattack-related data breaches rose 27 percent in 2021 — an upward trend that shows no signs of slowing down. Bad security habits, such as using the same password more than onc...
Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor Vulnerability
Nexans FTTO GigaSwitch industrial/office switches HW version 5 suffer from having a hardcoded backdoor user and multiple outdated vulnerable software components. ======================================================================= title: Hardcoded Backdoor User and Outdated Software Components...
Nexans FTTO GigaSwitch industrial/office switches Trust Management Issue Vulnerability
Nexans FTTO GigaSwitch industrial/office switches are a range of industrial switches from Nexans. A security vulnerability exists in Nexans FTTO GigaSwitch industrial/office switches HW version 5, which stems from the use of outdated and vulnerable software components...
Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Hardcoded Backdoor User and Outdated Software Components product: Nexans FTTO GigaSwitch industrial/office switches HW version 5 vulnerable version: See "Vulnerable /...
Infiray IRAY-A8Z3 thermal camera Security Vulnerability
The Infiray IRAY-A8Z3 thermal camera is a thermal camera from the Chinese company Infiray. A security vulnerability exists in the Infiray IRAY-A8Z3 thermal camera version 1.0.957, which originates from the use of hard-coded Web credentials, authenticated remote code execution, buffer overflow,...
Infiray IRAY-A8Z3 1.0.957 Code Execution / Overflow / Hardcoded Credentials
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Infiray IRAY-A8Z3 thermal camera vulnerable version: V1.0.957 fixed version: None CVE number: CVE-2022-31208, CVE-2022-31209,...
In Cybersecurity, What You Can’t See Can Hurt You
The dangers to SMBs and businesses of all sizes from cyberattacks are well known. But what’s driving these attacks, and what do cybersecurity stakeholders need to do that they’re not already doing? To answer these questions, we recently analyzed dozens of detailed incident response IR reports fro...