Aggregator

A vulnerability classified as critical was found in SaltStack Salt up to 3000.2. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper certificate validation. This vulnerability is known as CVE-2020-35662. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in KDE Discover up to 5.18.6/5.21.2. This issue affects some unknown processing of the file libdiscover/backends/KNSBackend/KNSResource.cpp of the component URL Handler. The manipulation leads to Privilege Escalation. The identification of this vulnerability is CVE-2021-28117. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Exiv2 0.27. Affected is the function DataBufdata. The manipulation leads to resource consumption. This vulnerability is traded as CVE-2020-18899. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as very critical, was found in Oracle WebCenter Sites 12.2.1.3.0/12.2.1.4.0. This affects an unknown part of the component Terracotta Quartz Scheduler. The manipulation leads to xml external entity reference. This vulnerability is uniquely identified as CVE-2019-13990. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as very critical was found in Oracle Documaker 12.6.0/12.6.1/12.6.2/12.6.3/12.6.4. Affected by this vulnerability is an unknown functionality of the component Terracotta Quartz Scheduler. The manipulation leads to xml external entity reference. This vulnerability is known as CVE-2019-13990. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in FORT Validator up to 1.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component X.509 EE Certificate Handler. The manipulation leads to improper certificate validation. This vulnerability is known as CVE-2021-43114. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Pillow up to 8.x. Affected is the function PIL.ImageMath.eval. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2022-22817. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Connman up to 1.40. Affected by this vulnerability is an unknown functionality of the component TCP Server Reply Handler. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2022-23096. The attack needs to be done within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in JiraTestResultReporter Plugin up to 165.v817928553942 on Jenkins. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2022-28136. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as very critical was found in Oracle Business Intelligence Enterprise Edition 12.2.1.4.0. Affected by this vulnerability is an unknown functionality of the component Framework. The manipulation leads to xml external entity reference. This vulnerability is known as CVE-2019-13990. The attack can be launched remotely. There is no exploit available.

NIS2 is an EU cybersecurity directive that covers an incredibly broad set of services including but not limited to Energy, Transportation, Finance, Healthcare, and Digital Infrastructure. The legislation is designed to ensure that these critical services maintain a consistent set of minimum responsibilities when it comes to managing their risk and responding to security incidents. […]

The post Simplifying NIS2 Compliance with Eclypsium appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post Simplifying NIS2 Compliance with Eclypsium appeared first on Security Boulevard.

A vulnerability, which was classified as critical, has been found in ibon 3.2.1. Affected by this issue is some unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is handled as CVE-2014-7714. The attack can only be initiated within the local network. There is no exploit available.

第11期全国体制内单位及相关专业单位开源情报能力提升培训班--开源尖兵实战训练营将于2024年11月3日在四川警察学院集结开训。

临时邮箱也被称为一次性邮箱、24小时邮箱、10分钟邮箱、可丢弃邮箱等，是一种能接收邮件的邮箱服务，它免费在线使用，并且是完全匿名和安全的。

The thieves modify transaction messages to initiate unauthorized withdrawals, even when there are insufficient funds.

A vulnerability was found in GNU C Library 2.16. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to numeric error. This vulnerability was named CVE-2012-3480. Local access is required to approach this attack. Furthermore, there is an exploit available.

Nearby Texas Tech University Health Sciences Center's IT Systems Also Still Offline
Nearly three weeks after a ransomware attack, UMC Health System has restored electronic health records, but the Texas-based public health system is still working to recover other patient care IT systems. Nearby Texas Tech University Health Sciences Center is still dealing with a related outage.

A vulnerability, which was classified as critical, has been found in Apple tvOS up to 10.2.0. This issue affects some unknown processing of the component AVEVideoEncoder. The manipulation as part of Application leads to memory corruption. The identification of this vulnerability is CVE-2017-6996. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.