Aggregator

A vulnerability was found in Notification for Telegram Plugin up to 3.3.1 on WordPress. It has been classified as critical. Affected is an unknown function of the component Test Message Handler. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2024-9685. It is possible to launch the attack remotely. There is no exploit available.

HiddenLayer launched several new features to its AISec Platform and Model Scanner, designed to enhance risk detection, scalability, and operational control for enterprises deploying AI at scale. As the pace of AI adoption accelerates, so do the threats targeting these systems, necessitating security measures that stay ahead of increasingly sophisticated adversaries. These updates to HiddenLayer’s platform allow organizations to deploy AI models more securely across diverse environments while mitigating critical risks. “It’s vital that security … More →

The post HiddenLayer enhances risk detection for enterprise AI models appeared first on Help Net Security.

A vulnerability was found in TRtek Software Distant Education Platform and classified as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2024-9286. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Adobe Substance3D Stager up to 3.0.3 and classified as critical. This vulnerability affects unknown code. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2024-45152. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Adobe Substance3D Stager up to 3.0.3. This affects an unknown part. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2024-45144. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Adobe Substance3D Stager up to 3.0.3. Affected by this issue is some unknown functionality. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2024-45143. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Adobe Substance3D Stager up to 3.0.3. Affected by this vulnerability is an unknown functionality. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2024-45141. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Adobe Substance3D Stager up to 3.0.3. Affected is an unknown function. The manipulation leads to write-what-where condition. This vulnerability is traded as CVE-2024-45142. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Substance3D Stager up to 3.0.3. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2024-45140. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Substance3D Stager up to 3.0.3. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to heap-based buffer overflow. This vulnerability was named CVE-2024-45139. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 131.0.1. It has been classified as critical. This affects an unknown part of the component Animation Timeline Handler. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-9680. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Data Integrator 11.1.1.9.0/12.2.1.3.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component Jave APIs. The manipulation leads to data processing error. This vulnerability is handled as CVE-2016-2510. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Discord has been suddenly blocked in Russia and Turkey since yesterday due to illegal activity residing on the platform, leaving legitimate users in those countries unable to visit the website or connect to the service. [...]

Threat actors with ties to North Korea have been observed targeting job seekers in the tech industry to deliver updated versions of known malware families tracked as BeaverTail and InvisibleFerret. The activity cluster, tracked as CL-STA-0240, is part of a campaign dubbed Contagious Interview that Palo Alto Networks Unit 42 first disclosed in November 2023. "The threat actor behind CL-STA-0240

Netwrix released a new version of Netwrix Threat Manager. The upgrade expands the product’s capabilities to the cloud environment of Microsoft Entra ID (formerly Azure AD) in addition to on-premises instances of Active Directory (AD). Now, real-time alerting to suspicious activities and automated response to reduce damage is available for on-premises, cloud, and hybrid IT infrastructures. “Based on our beta testing, the added coverage of Entra ID in Netwrix Threat Manager 3.0 shows the real … More →

The post Netwrix Threat Manager 3.0 prevents improper changes in Microsoft Entra ID appeared first on Help Net Security.

Новый виток в противостоянии злоумышленников и Microsoft.

A vulnerability classified as problematic has been found in Jtekt Electronics GC-A22W-CW, GC-A24W-C(W), GC-A26W-C(W), GC-A24, GC-A24-M, GC-A25, GC-A26, GC-A26-J2, GC-A27-C and GC-A28-C. This affects an unknown part of the component Packets Handler. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2023-49140. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Elecom WRC-X3000GSN, WRC-X3000GS and WRC-X3000GSA. Affected is an unknown function of the component Request Handler. The manipulation leads to os command injection. This vulnerability is traded as CVE-2023-49695. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in Common Services soliberte Module on PrestaShop. It has been classified as problematic. This affects an unknown part of the file functions/point_list.php. The manipulation of the argument lat/lng leads to information disclosure. This vulnerability is uniquely identified as CVE-2023-40921. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.