The research, named Project Memoria, was conducted by enterprise device security firm Forescout in collaboration with others. It resulted in the discovery of the vulnerabilities tracked as Ripple20, AMNESIA:33, NUMBER:JACK, NAME:WRECK, INFRA:HALT, and NUCLEUS:13. TCP/IP stacks are leveraged by a wide range of devices for communication, including medical products, industrial control systems (ICS), printers, and…

The more severe of the two bugs is CVE-2021-22955, a critical security hole that could lead to a DoS condition on appliances that have been configured as a VPN (Gateway) or AAA virtual server. The security flaw was identified in Citrix Application Delivery Controller (ADC, formerly NetScaler ADC), and Gateway (formerly NetScaler Gateway). Tracked as…

Collectively referred to as NUCLEUS:13, the issues likely affect safety-critical devices, such as anesthesia machines, patient monitors and other types of devices used in healthcare. Other types of operational technology (OT) systems are also impacted. The most important of the newly identified issues is CVE-2021-31886 (CVSS score of 9.8), a stack-based buffer overflow that exists…

Tracked as CVE-2021-30892 and named “Shrootless” by Microsoft, the vulnerability exists in the method used to install Apple-signed packages with post-install scripts. To successfully exploit the vulnerability, an attacker needs to create a specially crafted file that would allow them to hijack the installation process of said packages. Apple introduced SIP in macOS Yosemite to…

The security holes, identified by a researcher who uses the online moniker “kimiya,” were discovered in the Tellus Lite V-Simulator and V-Server Lite products, which are used worldwide to remotely monitor and operate factories. Versions prior to 4.0.12.0 are affected. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday published an advisory to inform…

The API allows add-ons to control the manner in which the browser connects to the Internet, and some extensions were found to abuse this. Specifically, the manner in which the offending add-ons interacted with the API prevented users from accessing updated blocklists, from downloading updates, and from updating remotely configured content. According to Mozilla, a…

Specifically, a user could deposit a specific amount to the Polygon Plasma Bridge, withdraw the entire sum, and then submit the same withdrawal transaction an additional 223 times, each time receiving the full amount. Basically, one could deposit $1 million and withdraw $224 million. With the DepositManager for the Plasma Bridge holding roughly $850 million…