ZDI-22-805: KeySight N6841A RF Sensor UserFirmwareRequestHandler Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of KeySight N6841A RF Sensor. Authentication is not required to exploit this vulnerability....
Ransomware Roundup – 2022/05/26
FortiGuard Labs became aware of a number of new Ransomware strains for the week of May 23rd, 2022. It is imperative to raise awareness about...
USN-5450-1: Subversion vulnerabilities
Evgeny Kotkov discovered that subversion servers did not properly follow path-based authorization rules in certain cases. An attacker could potentially use this issue to retrieve...
New Linux-based ransomware targets VMware servers
Researchers at Trend Micro have discovered some new Linux-based ransomware that's being used to attack VMware ESXi servers, a bare-metal hypervisor for creating and running...
Rapidly evolving IoT malware EnemyBot now targeting Content Management System servers and Android devices
Executive summary AT&T Alien Labs™ has been tracking a new IoT botnet dubbed “EnemyBot”, which is believed to be distributed by threat actor Keksec. During...
CVE-2021-28509
This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of...
CVE-2021-28508
This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of...
CWE-69 – Improper Handling of Windows ::DATA Alternate Data Stream
Description The software does not properly prevent access to, or detect usage of, alternate data streams (ADS). An attacker can use an ADS to hide...
CWE-689 – Permission Race Condition During Resource Copy
Description The product, while copying or cloning a resource, does not set the resource's permissions or access control until the copy is complete, leaving the...