all InfoSec news
CVE-2023-31190 (dronescout_ds230_firmware)
July 11, 2023, 9:15 a.m. |
National Vulnerability Database web.nvd.nist.gov
Specifically, the firmware update procedure ignores and does not check the validity of the TLS certificate of the HTTPS endpoint from which the firmware update package (.tar.bz2 file) is downloaded.
An attacker with the ability to put himself in a Man-in-the-Middle situation (e.g., DNS poisoning, ARP poisoning, control of a node on the route to the endpoint, etc.) can trick …
authentication bluemark innovations certificate check cve dronescout dronescout ds230 ds230 endpoint file firmware firmware update https innovations package procedure tar tls update vulnerability
More from web.nvd.nist.gov / National Vulnerability Database
CVE-2023-45955 (lightstrip_firmware)
5 months, 3 weeks ago |
web.nvd.nist.gov
CVE-2023-21380 (android)
5 months, 4 weeks ago |
web.nvd.nist.gov
CVE-2023-21381 (android)
5 months, 4 weeks ago |
web.nvd.nist.gov
CVE-2023-21385 (android)
5 months, 4 weeks ago |
web.nvd.nist.gov
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Cybersecurity Engineer
@ Booz Allen Hamilton | USA, VA, Arlington (1550 Crystal Dr Suite 300) non-client
Invoice Compliance Reviewer
@ AC Disaster Consulting | Fort Myers, Florida, United States - Remote
Technical Program Manager II - Compliance
@ Microsoft | Redmond, Washington, United States
Head of U.S. Threat Intelligence / Senior Manager for Threat Intelligence
@ Moonshot | Washington, District of Columbia, United States
Customer Engineer, Security, Public Sector
@ Google | Virginia, USA; Illinois, USA