A vulnerability classified as critical has been found in Mutt up to 2.2.2. Affected is the function uudecoder. The manipulation leads to buffer overflow.
This vulnerability is traded as CVE-2022-1328. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Mutt and NeoMutt. It has been rated as problematic. Affected by this issue is some unknown functionality of the file imap/util.c of the component QRESYNC. The manipulation leads to out-of-bounds read.
This vulnerability is handled as CVE-2021-32055. The attack must be carried out from within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in DedeCMS 5.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /src/dede/makehtml_js_action.php. The manipulation leads to cross-site request forgery.
This vulnerability is handled as CVE-2024-3145. The attack may be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability classified as problematic has been found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/makehtml_rss_action.php. The manipulation leads to cross-site request forgery.
This vulnerability is uniquely identified as CVE-2024-3146. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the file /src/dede/makehtml_map.php. The manipulation leads to cross-site request forgery.
This vulnerability was named CVE-2024-3147. The attack can be initiated remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability, which was classified as critical, has been found in DedeCMS 5.7.112. This issue affects some unknown processing of the file dede/makehtml_archives_action.php. The manipulation leads to SQL injection.
The identification of this vulnerability is CVE-2024-3148. The attack may be initiated remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability classified as critical has been found in Mutt and NeoMutt. This affects an unknown part of the component STARTTLS Handler. The manipulation as part of Response leads to injection.
This vulnerability is uniquely identified as CVE-2020-14954. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
Working in Open-Source Intelligence: Get Paid for Something You Do Every Day
Open-source intelligence, commonly referred to as OSINT, is the collection, analysis and use of publicly available information from open sources. These sources include websites, social media, news articles, public records, forums and even multimedia content such as videos and photos.

Hackers Repeatedly Compromised GoDaddy's Web Hosting Environment
Internet registrar and web host GoDaddy agreed to two decades' worth of third-party assessments of its cybersecurity practices in a settlement with the U.S. FTC. GoDaddy in February 2023 attributed a run of hacking incidents that began in 2019 to a "sophisticated threat actor group."

Cases are Latest in a Spate of HIPAA Settlements As Biden Administration Wraps Up
A medical supply firm will pay $3 million to settle issues found by a HIPAA investigation into a breach. Also, a public health system will pay $60,000 to resolve a right-of-access dispute. The cases are among the latest in a spate of HIPAA enforcement actions as the Biden administration wraps up.

US Cyber Defense Agency Was Not Initially Aware Hackers Were Part of Salt Typhoon
The U.S. federal government's first hint that Chinese hackers penetrated American telecommunications infrastructure came from telemetry on government networks, said Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency.

Hackers Exploit Malicious Macros in Diplomatic Documents to Target Asian Nations
Hackers possibly from the Russian Main Intelligence Directorate have been spying on the neighboring government of Kazakhstan using legitimate documents that have been booby-trapped with malicious macros. The latest campaign, dubbed "Double-Tap," emerged in October 2024.