Aggregator

A vulnerability was found in Oracle Sun Data Center InfiniBand Switch 36 up to 2.2.1. It has been declared as very critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to memory corruption. This vulnerability is known as CVE-2015-0235. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

新闻速览 •2024年第三季度电信服务质量通告：下架333款存在问题的不良手机应用 •《全民数字素养与技能发展 […]

信创及信创安全当前已进入快速发展和落地应用的重要阶段，无论工信主管部门还是各重要行业用户的主管单位都出台了一系 […]

Threat actors continue to probe the payments ecosystem for vulnerabilities and were successful in conducting fraud schemes affecting multiple financial institutions, technologies, and processes, according to Visa. The resurgence of physical theft Scammers are going back to basics with an increase of physical theft over the past six months, capitalizing on the window between the theft and the victim’s awareness. After a theft, the most common ways the criminals are capitalizing on their theft by … More →

The post Fraudsters revive old tactics mixed with modern technology appeared first on Help Net Security.

A vulnerability classified as critical was found in Linux Kernel up to 6.8.9. Affected by this vulnerability is the function __skb_linearize of the component tipc. The manipulation leads to memory leak. This vulnerability is known as CVE-2024-36954. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.4.179/5.10.100/5.15.23/5.16.9. Affected by this issue is some unknown functionality of the component qedf. The manipulation leads to improper update of reference count. This vulnerability is handled as CVE-2022-48823. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.16.5 and classified as critical. This issue affects the function pciehp_isr of the component IRQ Handler. The manipulation leads to infinite loop. The identification of this vulnerability is CVE-2021-47617. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.16.5. It has been classified as critical. This affects the function __rtnl_newlink of the component rtnetlink. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2022-48742. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.16.9. This issue affects the function tun_dst_unclone of the component net. The manipulation leads to memory leak. The identification of this vulnerability is CVE-2022-48809. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.8.4. It has been classified as critical. Affected is the function tcf_skbmod_dump in the library lib/iov_iter.c. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2024-35893. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.8.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_keys.c of the component spectrum_acl_tcam. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-36007. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.12 and classified as critical. Affected by this issue is the function sdio_add_func. The manipulation leads to memory leak. This vulnerability is handled as CVE-2023-52730. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.16.16 and classified as problematic. This issue affects the function packet_recvmsg. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2022-48839. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.8.8 and classified as critical. Affected by this issue is some unknown functionality in the library lib/parman.c of the component spectrum_acl_tcam. The manipulation leads to memory leak. This vulnerability is handled as CVE-2024-35853. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.8.8. Affected is an unknown function of the component spectrum_acl_tcam. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-35855. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.201/5.15.139/6.1.63/6.5.12/6.6.2. It has been classified as critical. Affected is the function imon_context of the component media. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2023-52754. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

iniNet Solutionsが提供するSpiderControl SCADA PC HMI Editorには、パストラバーサルの脆弱性が存在します。

A vulnerability was found in Apple macOS up to 10.12.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component FontParser. The manipulation leads to memory corruption. This vulnerability is known as CVE-2017-2407. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

In this Help Net Security video, Jake King, Head of Threat & Security Intelligence at Elastic, discusses the key findings from the 2024 Elastic Global Threat Report. Adversaries are utilizing off-the-shelf tools Offensive security tools (OSTs), including Cobalt Strike and Metasploit, made up ~54% of observed malware alerts Cobalt Strike accounted for 27% of malware attacks Enterprises are misconfiguring cloud environments, allowing adversaries to thrive Nearly 47% of Microsoft Azure failures were tied to storage … More →

The post Adversarial groups adapt to exploit systems in new ways appeared first on Help Net Security.

A vulnerability was found in Asus RT-N10LX 2.0.0.39. It has been rated as problematic. Affected by this issue is the function urlFilterList. The manipulation of the argument URL Keyword List leads to cross site scripting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2023-34941. The attack may be launched remotely. There is no exploit available.