#ios

There is a denial of service vulnerability in the Wi-Fi module of the HUAWEI WS7100-20 Smart WiFi Router.Successful exploit could cause a denial of service (DoS) condition.

This is what happens when a CISO gets tired of reacting to attacks and goes on the offensive.

authentik is an open-source Identity provider focused on flexibility and versatility. In versions prior to 2022.10.4, and 2022.11.4, any authenticated user can create an arbitrary number of accounts through the default flows. This would circumvent any policy in a situation where it is undesirable for users to create new accounts by themselves. This may also affect other applications as these new basic accounts would exist throughout the SSO infrastructure. By default the newly created accounts cannot be logged into as no password reset exists by default. However password resets are likely to be enabled by most installations. This vulnerability pertains to the user context used in the default-user-settings-flow, /api/v3/flows/instances/default-user-settings-flow/execute/. This issue has been fixed in versions 2022.10.4 and 2022.11.4.

Digital transformation initiatives are challenging because IT still has to make sure performance doesn't suffer by making applications available from anywhere.

A vulnerability classified as problematic was found in Nagios NCPA. This vulnerability affects unknown code of the file agent/listener/templates/tail.html. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 2.4.0 is able to address this issue. The name of the patch is 5abbcd7aa26e0fc815e6b2b0ffe1c15ef3e8fab5. It is recommended to upgrade the affected component. VDB-216874 is the identifier assigned to this vulnerability.

An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923. A local unprivileged user can cause a deadlock and kernel panic via crafted rename and rmdir calls on tmpfs filesystems. Oracle Solaris 10 and 11 is also affected.

In Directus before 9.7.0, the default settings of CORS_ORIGIN and CORS_ENABLED are true.

Categories: News Tags: security vulnerabilities Tags: cryptocurrency Tags: lock and code Tags: SevenRooms Tags: adult popunder Tags: ad fraud Tags: AV-TEST Tags: Gemini Tags: cryptocurrency Tags: Play ransomware Tags: ransomware Tags: blocking IP addresses Tags: BEC scam Tags: BEC Tags: Bricklink Tags: Lego Tags: Netflix Tags: Disney+ Tags: password sharing Tags: The Guardian Tags: ransomware attack Tags: Godfather malware Tags: Godfather Tags: Android banking malware The most interesting security related news from the week of December 19 to 25. (Read more...) The post A week in security (December 19 - 25) appeared first on Malwarebytes Labs.

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX pfcdd kernel extension to cause a denial of service. IBM X-Force ID: 239170.

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service. IBM X-Force ID: 239169.