Aggregator

A vulnerability was found in Linux Kernel up to 6.10.6. It has been declared as problematic. Affected by this vulnerability is the function xhci_mem_clearup of the component usb. The manipulation leads to allocation of resources. This vulnerability is known as CVE-2024-45027. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.10.9. It has been declared as critical. Affected by this vulnerability is the function raw_copy_to_user/raw_copy_from_user. The manipulation leads to memory corruption. This vulnerability is known as CVE-2024-46792. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.10.4. It has been rated as critical. This issue affects the function preempt_fence_work_func. The manipulation leads to deadlock. The identification of this vulnerability is CVE-2024-44956. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Ivanti Connect Secure up to 22.7R2.2. Affected is an unknown function of the component IPsec. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2024-37377. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Ivanti Connect Secure up to 22.7R2.0. Affected by this vulnerability is an unknown functionality of the component IPsec. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2024-37401. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Russian cyberspies Gamaredon has been discovered using two Android spyware families named 'BoneSpy' and 'PlainGnome' to spy on and steal data from mobile devices. [...]

Russian cyberspies Gamaredon has been discovered using two Android spyware families named 'BoneSpy' and 'PlainGnome' to spy on and steal data from mobile devices. [...]

A vulnerability classified as critical has been found in Oracle Financial Services Price Creation and Discovery 8.0.6/8.0.7. Affected is an unknown function of the component User Interface. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2020-11022. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in WsMp3 Daemon 0.0.8/0.0.9/0.0.10. It has been classified as critical. Affected is an unknown function of the component HTTP Request Handler. The manipulation as part of GET/POST Request leads to path traversal. This vulnerability is traded as CVE-2003-0338. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

crymore is Allegedly Selling Access to an Unidentified Bangaldesh Educational Organization

Новый инструмент в поисках неуловимой тёмной материи.

A Threat Actor Claims to have Leaked the Data of Grandbetting Online Casino Platform

In this episode, Paul Asadoorian, Alec Summers, and Lisa Olson discuss the 25th anniversary of the CVE program, its evolution, and the importance of transparency in vulnerability management. They explore the history of CVE, the process of creating CVE records, and the role of CNAs in ensuring accountability. The conversation also addresses challenges related to […]

The post BTS #43 - CVE Turns 25 appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post BTS #43 – CVE Turns 25 appeared first on Security Boulevard.

What happens when passion, talent, and opportunity collide in the university’s tech scene? Meet David Nathanson and Daniel Garay, the freshmen duo who took the University of Richmond’s Capture the Flag (CTF) competition by storm. With David bringing his coding journey from Nicaragua and Daniel harnessing his self-taught skills in AI and machine learning, they… Continue reading Podcast Episode 21: Interview with the University of Richmond’s CTF Winning Team

The post Podcast Episode 21: Interview with the University of Richmond’s CTF Winning Team appeared first on Assura, Inc..

The post Podcast Episode 21: Interview with the University of Richmond’s CTF Winning Team appeared first on Security Boulevard.

A vulnerability has been found in Linux Kernel up to 6.10.4 and classified as critical. Affected by this vulnerability is the function notify_handler. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-44937. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.6.50/6.10.9. This affects the function pm8001_phy_control of the component pm80xx. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-47666. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.