Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

CVE-2023-20076: Cisco Security Advisory: Cisco IOx Application Hosting Environment Command Injection Vulnerability

A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system.

CVE
Open in Source
#vulnerability#web#ios#cisco#perl#auth
CVE-2022-43779: AMI UEFI Firmware December 2022 Security Update (TOCTOU)

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability.

CVE-2022-34377: DSA-2022-204: Dell PowerEdge Improper SMM Communication Buffer Verification Vulnerability

Dell PowerEdge BIOS contains an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Attacker Allure: A Look at the Super Bowl's Operational Cyber-Risks

Event organizers should be exercising various cyberattack scenarios to ensure they have the proper checks and balances in place to respond accordingly and maintain resilience.

CVE-2022-24410: DSA-2022-325: Dell Client Security Update for Dell Client BIOS

Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces.

4 Ways to Handle AI Decision-Making in Cybersecurity

As evolving cyber threats force security teams to adopt AI to automate workflows, we ask how the relationship between humans and AI will pan out.

Weee! Grocery Service Hacked, 1.1m Accounts Leaked

By Habiba Rashid The stolen Weee! database has been leaked on the infamous BreachForums and Russian-speaking cybercrime forums. This is a post from HackRead.com Read the original post: Weee! Grocery Service Hacked, 1.1m Accounts Leaked

Lessons From the Cold War: How Quality Trumps Quantity in Cybersecurity

High-quality tools and standards remain critical components in cybersecurity efforts even as budgets decline. It's important that staff knows response procedures and their roles, and also communicates well.

Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices

A set of 38 security vulnerabilities has been uncovered in wireless industrial internet of things (IIoT) devices from four different vendors that could pose a significant attack surface for threat actors looking to exploit operational technology (OT) environments. "Threat actors can exploit vulnerabilities in Wireless IIoT devices to gain initial access to internal OT networks," Israeli