Security
Headlines
HeadlinesLatestCVEs

Tag

#nokia

CVE-2023-41354: 中華電信 NOKIA G-040W-Q - Exposure of Sensitive Information

Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default, an unauthenticated remote attacker can exploit this vulnerability by sending a crafted package, resulting in partially sensitive information exposed to an actor.

CVE
Open in Source
#vulnerability#nokia#auth
CVE-2023-41350: 中華電信 NOKIA G-040W-Q Excessive Authentication Attempts

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted Javascript to expose captcha in page, making it very easy for bots to bypass the captcha check and more susceptible to brute force attacks.

CVE-2023-35684: Android Security Bulletin—September 2023

In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21267: Android Security Bulletin—August 2023

In doKeyguardLocked of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-40359: XTERM - Change Log

xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue.

SSH Remains Most Targeted Service in Cado’s Cloud Threat Report

By Waqas Cado Security Labs' 2023 Cloud Threat Findings Report dives deep into the world of cybercrime, cyberattacks, and vulnerabilities. This is a post from HackRead.com Read the original post: SSH Remains Most Targeted Service in Cado’s Cloud Threat Report

Dark.IoT & Custom Botnets Exploit Zyxel Flaw in DDoS Attacks

By Waqas The DDoS attacks have been observed in various regions, including Central America, North America, East Asia, and South Asia. This is a post from HackRead.com Read the original post: Dark.IoT & Custom Botnets Exploit Zyxel Flaw in DDoS Attacks

CVE-2023-21260: Android Automotive OS Update Bulletin—July 2023

In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be appeared as a system message for user confirmation.

CVE-2023-21256: Android Security Bulletin—July 2023

In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

DDoS Attacks Soar by 168% on Government Services, StormWall Warns

By Waqas The telecommunications sector also faced a significant onslaught in Q2 2023, becoming the second most targeted industry with an 83% YoY increase in DDoS attacks. This is a post from HackRead.com Read the original post: DDoS Attacks Soar by 168% on Government Services, StormWall Warns