Expert released PoC Code Microsoft Edge Remote Code Execution flaw
Security expert published the PoC exploit code for the recently fixed critical remote code execution flaw in Edge web browser tracked as CVE-2018-8495. The October 2018 Patch Tuesday addressed 50 known vulnerabilities in Microsoft’s products, 12 of them were labeled as critical. One of the issues…
NUUO NVRmini2 and NVRsolo
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: NUUO Equipment: NVRmini2, NVRsolo Vulnerabilities: Stack-based Buffer Overflow, Leftover Debug Code 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution and user account modification….
NUUO CMS
. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: NUUO Equipment: CMS ——— Begin Update A Part 1 of 3 ——– Vulnerabilities: Use of Insufficiently Random Values, Use of Obsolete Function, Incorrect Permission Assignment for Critical Resource, Use of Hard-coded Credentials, Path Traversal, Unrestricted…
Delta Industrial Automation TPEditor
1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low skill level to exploit Vendor: Delta Electronics Equipment: Delta Industrial Automation TPEditor Vulnerabilities: Out-of-bounds Write, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the accessed device, resulting in a buffer overflow condition that may allow remote…
Juniper Networks has released security updates to address serious vulnerabilities affecting the Junos operating system.
This week, Juniper Networks has patched dozens of serious security provided security patches for each of them, the security advisories are available on the company website. The most severe flaw is probably the CVE-2018-0049, which could be exploited by an attacker to crash the Junos kernel by sending…
Yokogawa STARDOM Controllers (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Yokogawa Equipment: STARDOM Controllers ——— Begin Update A Part 1 of 5 ——– Vulnerabilities: Use of Hard-coded Credentials, Session Fixation, Insufficiently Protected Credentials, Resource Exhaustion ——— End Update A Part 1 of 5 ——– 2. UPDATE…
BD Kiestra and InoquIA Systems (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable from adjacent network Vendor: Becton, Dickinson and Company (BD) Equipment: BD Kiestra and InoqulA systems Vulnerabilities: Product UI does not Warn User of Unsafe Actions 2. UPDATE INFORMATION This updated advisory is a follow-up to the original…
Medtronic 2090 Carelink Programmer Vulnerabilities (Update B)
1. EXECUTIVE SUMMARY CVSS v3 7.1 Vendor: Medtronic Equipment: 2090 CareLink Programmer ——— Begin Update B Part 1 of 5 ——– 29901 Encore Programmer ——— End Update B Part 1 of 5 ——– Vulnerabilities: Storing Passwords in a Recoverable Format, Relative Path Traversal, Improper Restriction of Communication Channel…
Publicly Available Tools Seen in Cyber Incidents Worldwide
Summary This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[1][2][3][4][5] In it we highlight the use of five publicly available tools, which have been used for malicious purposes…
Siemens SCALANCE W1750D
1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely/public exploits are available Vendor: Siemens Equipment: SCALANCE W1750D Vulnerability: Cryptographic issues 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to decrypt TLS traffic. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports the vulnerability affects the following…
Stay connected