Aggregator

A vulnerability was found in Sharp NEC Display Solutions NP-CB4500UL, NP-CB4500WL, NP-CB4700UL, NP-P525UL, NP-P525UL+, NP-P525ULG, NP-P525ULJL, NP-P525WL, NP-P525WL+, NP-P525WLG, NP-P525WLJL, NP-CG6500UL, NP-CG6500WL, NP-CG6700UL, NP-P605UL, NP-P605UL+, NP-P605ULG, NP-P605ULJL, NP-CA4120X, NP-CA4160W, NP-CA4160X, NP-CA4200U, NP-CA4200W, NP-CA4202W, NP-CA4260X, NP-CA4300X, NP-CA4355X, NP-CD2100U, NP-CD2120X, NP-CD2300X, NP-CR2100X, NP-CR2170W, NP-CR2170X, NP-CR2200U, NP-CR2200W, NP-CR2280X, NP-CR2310X, NP-CR2350X, NP-MC302XG, NP-MC332WG, NP-MC332WJL, NP-MC342XG, NP-MC372X, NP-MC372XG, NP-MC382W, NP-MC382WG, NP-MC422XG, NP-ME342UG, NP-ME372W, NP-ME372WG, NP-ME372WJL, NP-ME382U, NP-ME382UG, NP-ME382UJL, NP-ME402X, NP-ME402XG, NP-ME402XJL, NP-CB4500XL, NP-CG6400UL, NP-CG6400WL, NP-CG6500XL, NP-PE455UL, NP-PE455ULG, NP-PE455WL, NP-PE455WLG, NP-PE505XLG, NP-CB4600U, NP-CF6600U, NP-P474U, NP-P554U, NP-P554U+, NP-P554UG, NP-P554UJL, NP-CG6600UL, NP-P547UL, NP-P547ULG, NP-P547ULJL, NP-P607UL+, NP-P627UL, NP-P627UL+, NP-P627ULG, NP-P627ULJL, NP-PV710UL-B, NP-PV710UL-B1, NP-PV710UL-W, NP-PV710UL-W+, NP-PV710UL-W1, NP-PV730UL-BJL, NP-PV730UL-WJL, NP-PV800UL-B, NP-PV800UL-B+, NP-PV800UL-B1, NP-PV800UL-BJL, NP-PV800UL-W, NP-PV800UL-W+, NP-PV800UL-W1, NP-PV800UL-WJL, NP-CA4200X, NP-CA4265X and NP-CA4300U and classified as problematic. Affected by this issue is some unknown functionality of the component SNMP Service. The manipulation leads to inclusion of undocumented features or chicken bits. This vulnerability is handled as CVE-2024-7011. The attack can only be done within the local network. There is no exploit available.

A vulnerability has been found in GitLab Enterprise Edition up to 17.2.7/17.3.3/17.4.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Private Project Handler. The manipulation leads to incorrect provision of specified functionality. This vulnerability is known as CVE-2024-8974. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in GitLab Enterprise Edition up to 17.2.7/17.3.3/17.4.0. Affected is an unknown function. The manipulation leads to escaping of output. This vulnerability is traded as CVE-2024-4099. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in OpenPrinting libcupsfilters up to 2.1b1. This issue affects the function cfGetPrinterAttributes5 of the component IPP Attribute Handler. The manipulation leads to improper input validation. The identification of this vulnerability is CVE-2024-47076. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in projectworlds Online Voting System 1.0. This vulnerability affects unknown code of the file voter.php. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-45986. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in OpenPrinting cups-filters up to 2.0.1. This affects an unknown part of the component PPD File Handler. The manipulation of the argument FoomaticRIPCommandLine leads to command injection. This vulnerability is uniquely identified as CVE-2024-47177. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in OpenPrinting libppd up to 2.1b1. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2024-47175. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in OpenPrinting cups-browsed 2.0.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component CUPS Service. The manipulation leads to binding to an unrestricted ip address. This vulnerability is known as CVE-2024-47176. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Microsoft Windows 10/11/Server 2016/Server 2019/Server 2022. It has been classified as critical. Affected is an unknown function of the component Drive Remapping. The manipulation leads to untrusted search path. This vulnerability is traded as CVE-2024-6769. Attacking locally is a requirement. There is no exploit available.

# Exploit Title: Reflected XSS in Elaine's Realtime CRM Automation v6.18.17# Date: 09/2024# Exploi

ABB Cylon Aspect 3.07.00 (networkDiagAjax.php) Remote Code ExecutionVendor: ABB Ltd.Product web pa

Artificial intelligence (AI) is emerging as a top concern in the cybersecurity world, with 48% of respondents identifying it as the most significant security risk facing their organizations, according to a HackerOne survey of 500 security professionals.

The post Security Professionals Cite AI as Top Security Risk appeared first on Security Boulevard.

ABB Cylon Aspect 3.07.01 (config.inc.php) Hard-coded Credentials in phpMyAdminVendor: ABB Ltd.Prod

California court refuses to dismiss computer crime charges against an entity that analyzed Hunter Biden’s laptop.

The post The Return of the Laptop From Hell appeared first on Security Boulevard.

俄罗斯数字通信部披露，Google 已在俄罗斯境内限制创建新账户。当地电信运营商报告，Google 向俄罗斯用户发送的短信数量大幅减少。短信在新账号创建时被用于验证。现有用户的短信双因素认证仍然有效，俄罗斯数字通信部警告，未来这项服务也可能终止，它建议用户备份数据，切换到其它身份验证方法，或者切换到国内的服务。俄罗斯用户本月初报告了无法通过俄罗斯电话号码注册 Google 新账号的问题。

These last two days, a lot has been talked about a "Doomsday 9.9 RCE bug'" in Linux [1]. We now hav

Tosint is an open-source Telegram OSINT tool that extracts useful information from Telegram bots and channels. It’s suited for security researchers, investigators, and others who want to gather insights from Telegram sources. Several law enforcement agencies utilize Tosint to gather intelligence and monitor cybercriminal activities. “I created Tosint to analyze and track cybercriminals, particularly those involved in phishing attacks. As head of threat intelligence at D3Lab, I counter phishing for various Italian and international banks … More →

The post Tosint: Open-source Telegram OSINT tool appeared first on Help Net Security.

But as we start delegating LLMs and LAMs the authority to act on our behalf (our personal avatars), we create a true data privacy nightmare.

The post How the Promise of AI Will Be a Nightmare for Data Privacy appeared first on Security Boulevard.

戳我立即查看