all InfoSec news
LG LED Assistant v2.1.65 Multiple Vulnerabilities
March 28, 2024, 8:22 p.m. | Jimi Sebree
Tenable Research Advisories www.tenable.com
Multiple vulnerabilities exist in LG LED Assistant v2.1.65.
Each issue has been assigned a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
CVE-2024-2862 - Unauthenticated Password Reset
The endpoint handler for /api/changePw in Common.js allows an unauthenticated remote attacker to change the application password without knowing the current one. The handler allows this if it determines the password changing request is coming the local host. The remote attacker can make the request to appear coming from the local …
More from www.tenable.com / Tenable Research Advisories
Approach.App Multiple Vulnerabilities
1 week, 6 days ago |
www.tenable.com
Path Traversal Affecting Multiple CData Products
3 weeks, 6 days ago |
www.tenable.com
Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities
1 month, 2 weeks ago |
www.tenable.com
Jobs in InfoSec / Cybersecurity
Social Engineer For Reverse Engineering Exploit Study
@ Independent study | Remote
Information Security Specialist, Sr. (Container Hardening)
@ Rackner | San Antonio, TX
Principal Security Researcher (Advanced Threat Prevention)
@ Palo Alto Networks | Santa Clara, CA, United States
EWT Infosec | IAM Technical Security Consultant - Manager
@ KPMG India | Bengaluru, Karnataka, India
Security Engineering Operations Manager
@ Gusto | San Francisco, CA; Denver, CO; Remote
Network Threat Detection Engineer
@ Meta | Denver, CO | Reston, VA | Menlo Park, CA | Washington, DC