Aggregator

CVE-2025-36186 | IBM DB2/DB2 Connect Server up to 12.1.3 Configuration unnecessary privileges (EUVD-2025-38305)

VulDB Recent Entries
3 months ago
A vulnerability described as critical has been identified in IBM DB2 and DB2 Connect Server up to 12.1.3. This impacts an unknown function of the component Configuration Handler. The manipulation results in execution with unnecessary privileges. This vulnerability is known as CVE-2025-36186. Attacking locally is a requirement. No exploit is available. Upgrading the affected component is recommended.
vuldb.com

CVE-2024-47118 | IBM DB2/DB2 Connect Server up to 10.5.11/11.1.4.7/11.5.9/12.1.3 stack-based overflow

VulDB Recent Entries
3 months ago
A vulnerability marked as critical has been reported in IBM DB2 and DB2 Connect Server up to 10.5.11/11.1.4.7/11.5.9/12.1.3. This affects an unknown function. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2024-47118. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2025-33012 | IBM DB2 up to 10.5.11/11.1.4.7/11.5.9/12.1.3 a key past its expiration date

VulDB Recent Entries
3 months ago
A vulnerability labeled as critical has been found in IBM DB2 up to 10.5.11/11.1.4.7/11.5.9/12.1.3. The impacted element is an unknown function. Executing manipulation can lead to use of a key past its expiration date. This vulnerability appears as CVE-2025-33012. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.
vuldb.com

CVE-2025-2534 | IBM DB2/DB2 Connect Server up to 11.1.4.7/11.5.9/12.1.3 memory allocation

VulDB Recent Entries
3 months ago
A vulnerability identified as problematic has been detected in IBM DB2 and DB2 Connect Server up to 11.1.4.7/11.5.9/12.1.3. The affected element is an unknown function. Performing manipulation results in uncontrolled memory allocation. This vulnerability is reported as CVE-2025-2534. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.
vuldb.com

CVE-2025-36008 | IBM DB2/DB2 Connect Server up to 11.5.9/12.1.3 allocation of resources

VulDB Recent Entries
3 months ago
A vulnerability categorized as critical has been discovered in IBM DB2 and DB2 Connect Server up to 11.5.9/12.1.3. Impacted is an unknown function. Such manipulation leads to allocation of resources. This vulnerability is documented as CVE-2025-36008. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-36006 | IBM DB2/DB2 Connect Server up to 10.5.11/11.1.4.7/11.5.9/12.1.3 denial of service

VulDB Recent Entries
3 months ago
A vulnerability was found in IBM DB2 and DB2 Connect Server up to 10.5.11/11.1.4.7/11.5.9/12.1.3. It has been rated as problematic. This issue affects some unknown processing. This manipulation causes denial of service. This vulnerability is registered as CVE-2025-36006. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.
vuldb.com

Honeypot: Requests for (Code) Repositories, (Sat, Nov 8th)

不安全
3 months ago
好的,我现在需要帮用户总结一篇文章的内容,控制在100字以内。首先,我得仔细阅读用户提供的文章内容。 文章的作者是Didier Stevens,他提到在自己的honeypot(蜜罐)上发现了针对代码仓库的请求。具体来说,攻击者试图访问一些特定的文件和目录,比如.git/logs/refs/remotes/origin/main、.github/dependabot.yml等等。这些请求可能来自试图获取敏感信息或进行攻击的人。 用户的要求是用中文总结,不超过100字,并且不需要特定的开头。所以我要抓住重点:honeypot检测到针对代码仓库的恶意请求,提醒用户注意在线发布的内容安全。 接下来,我需要将这些信息浓缩成简洁的句子。确保涵盖主要点:honeypot、恶意请求、代码仓库、敏感文件、提醒安全。 最后检查字数,确保在限制内,并且表达清晰。 作者报告其蜜罐检测到针对代码仓库的恶意请求,涉及.git、.github、.gitlab等目录及文件,提醒用户注意在线发布内容的安全性。

New “LANDFALL” Android Malware Uses Samsung 0-Day Vulnerability Hidden in WhatsApp Images

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
3 months ago

Cybersecurity researchers at Unit 42 have uncovered a sophisticated Android spyware campaign that exploited a previously unknown zero-day vulnerability in Samsung Galaxy devices. The malware, dubbed LANDFALL, leveraged a critical vulnerability in Samsung’s image processing library to deliver commercial-grade surveillance capabilities through maliciously crafted image files sent via WhatsApp. The LANDFALL campaign exploited CVE-2025-21042, a […]

The post New “LANDFALL” Android Malware Uses Samsung 0-Day Vulnerability Hidden in WhatsApp Images appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mayura Kathir

New Microsoft Teams Feature Exposes Users to Phishing and Malware Risks

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
3 months ago

Microsoft is poised to roll out a significant update to Teams, enabling users to initiate chats with anyone using just an email address even if the recipient isn’t a Teams user. While the feature, launching in targeted releases by early November 2025 and globally by January 2026, promises expanded connectivity across Android, desktop, iOS, Linux, […]

The post New Microsoft Teams Feature Exposes Users to Phishing and Malware Risks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mayura Kathir

James D. Watson 去世,享年 97 岁

Solidot
3 months ago
与 Francis Crick 共同发现 DNA 双螺旋结构并因此获得 1962 年诺贝尔生理学或医学奖的分子生物学家 James D. Watson 去世,享年 97 岁,其子 Duncan 称父亲本周因感染去医院接受治疗,之后转入了临终关怀中心,周四在纽约长岛的临终关怀中心去世。DNA 双螺旋结构被认为是科学史上最重要的发现之一,但也陷入了盗用 Rosalind Elsie Franklin 的 DNA 晶体衍射图片的争议。

Managed ad