#nokia

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted Javascript to expose captcha in page, making it very easy for bots to bypass the captcha check and more susceptible to brute force attacks.

In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In doKeyguardLocked of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue.

By Waqas Cado Security Labs' 2023 Cloud Threat Findings Report dives deep into the world of cybercrime, cyberattacks, and vulnerabilities. This is a post from HackRead.com Read the original post: SSH Remains Most Targeted Service in Cado’s Cloud Threat Report

By Waqas The DDoS attacks have been observed in various regions, including Central America, North America, East Asia, and South Asia. This is a post from HackRead.com Read the original post: Dark.IoT & Custom Botnets Exploit Zyxel Flaw in DDoS Attacks

In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be appeared as a system message for user confirmation.

In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

By Waqas The telecommunications sector also faced a significant onslaught in Q2 2023, becoming the second most targeted industry with an 83% YoY increase in DDoS attacks. This is a post from HackRead.com Read the original post: DDoS Attacks Soar by 168% on Government Services, StormWall Warns

By Waqas Since early Monday morning, the AO3 website has been experiencing intermittent periods of going offline and coming back online. This is a post from HackRead.com Read the original post: Archive of Our Own Website Suffering Massive DDoS Attacks