Security Headlines

Tag: #git
CVE-2023-40846: Digging/Tenda/AC6/bof/9/9.md at main · XYIYM/Digging

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function sub_90998.

CVE · #vulnerability #git #buffer_overflow
Kroll SIM-Swapping Attack Causes Data Breach at 3 Top Crypto Firms

By Habiba Rashid. Cryptocurrency firms, including FTX, BlockFi, and Genesis, have contacted victims of data breaches caused by a SIM-swapping attack… (Source: HackRead.com)

CVE-2023-34758: CVE-2023-34758 - GitHub Advisory Database

Sliver from v1.5.x to v1.5.39 has an improper cryptographic implementation, which allows attackers to execute a man-in-the-middle attack via intercepted and crafted responses.

GHSA-g3m9-pr5m-4cvp: Airflow Sqoop Provider RCE Vulnerability

Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker to pass parameters with the connections, which makes it possible to achieve RCE via ‘sqoop import --connect’, obtain Airflow server permissions, etc. The attacker needs to be logged in and have authorization (permissions) to create/edit connections. It is recommended to upgrade to a version that is not affected. This issue was reported independently by happyhacking-k, and also by Xie Jianming and LiuHui of Caiji Sec Team.

GHSA-8q28-pw9g-w82c: Apache Airflow vulnerable arbitrary code execution via Spark server

Deserialization of Untrusted Data and Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider is installed on an Airflow deployment, an Airflow user who is authorized to configure Spark hooks can effectively run arbitrary code on the Airflow node by pointing it at a malicious Spark server. Prior to version 4.1.3, this was not called out explicitly in the documentation, so it is possible that administrators granted authorization to configure Spark hooks without taking this into account. We recommend that administrators review their configurations to make sure the authorization to configure Spark hooks is only granted to fully trusted users. To view the warning in the docs, please visit https://airflow.apache.org/docs/apache-airflow-providers-apache-spark/4.1.3/connections/spark.html

CVE-2023-4560: huntr – Security Bounties for any GitHub repository

Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4.

CVE-2023-4561: huntr – Security Bounties for any GitHub repository

Stored Cross-site Scripting (XSS) in GitHub repository omeka/omeka-s prior to 4.0.4.

The Cheap Radio Hack That Disrupted Poland's Railway System

The sabotage of more than 20 trains in Poland by apparent supporters of Russia was carried out with a simple “radio-stop” command anyone could broadcast with $30 in equipment.

Defying the Dark Arts: Strategies for Countering Cyber Threats

By Waqas. In today’s digitized landscape, where technology connects us in ways we couldn’t have imagined just a few decades… (Source: HackRead.com)

Efficiency in a Virtualized World: A Deep Dive into Modern IT

By Waqas. In today’s rapidly evolving technological landscape, virtualization has emerged as a cornerstone of modern IT infrastructure. As businesses… (Source: HackRead.com)