Aggregator

A vulnerability classified as critical was found in Linux Kernel up to 5.15.70/5.19.11/6.0. This vulnerability affects the function __qlt_24xx_handle_abts of the component qla2xxx. The manipulation leads to memory leak. This vulnerability was named CVE-2022-48650. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Logpoint up to 7.3.x. It has been rated as problematic. This issue affects some unknown processing of the component Shared Widgets. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-30176. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in ViewerJS 0.5.8. It has been rated as problematic. This issue affects some unknown processing of the component URL TAG Handler. The manipulation leads to open redirect. The identification of this vulnerability is CVE-2024-25676. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in HDF5 up to 1.14.3. Affected is the function H5Z__nbit_decompress_one_byte of the file H5Znbit.c. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2024-32615. Access to the local network is required for this attack. There is no exploit available.

A vulnerability was found in Nuki Bridge up to 1.8.0/1.9.1. It has been rated as critical. This issue affects some unknown processing of the component JTAG. The manipulation leads to missing authentication. The identification of this vulnerability is CVE-2022-32503. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oxygen XML Web Author and Content Fusion. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-25662. The attack can be launched remotely. There is no exploit available.

AuditForge AuditForge (PwnDoc fork) is a pentest reporting application making it simple and easy to write your findings and generate a customizable Docx report. The main goal is to have more time to search...

The post auditforge: A pentest reporting application appeared first on Penetration Testing Tools.

What is Acra Acra helps you easily secure your databases in distributed, microservice-rich environments. It allows you to selectively encrypt sensitive records with strong multi-layer cryptography, detect potential intrusions and SQL injections and cryptographically compartmentalize...

The post Acra: database protection suite appeared first on Penetration Testing Tools.

Dr. Memory: the memory debugger Dr. Memory is a memory monitoring tool capable of identifying memory-related programming errors such as accesses of uninitialized memory, accesses to unaddressable memory (including outside of allocated heap units...

The post drmemory: Memory Debugger for Windows, Linux, Mac, and Android appeared first on Penetration Testing Tools.

NSFOCUS Showcases Two Groundbreaking Topics at SAS 2024: An In-Depth Analysis of the DarkCasino APT Group and the Evolution of New Botnets. SANTA CLARA, Calif., October 30, 2024 – The 17th Security Analyst Summit (SAS), a premier global event focused on cybersecurity, recently concluded in Bali, Indonesia, where NSFOCUS was invited to participate. As the […]

The post NSFOCUS Showcases Two Groundbreaking Topics at SAS 2024 appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

The post NSFOCUS Showcases Two Groundbreaking Topics at SAS 2024 appeared first on Security Boulevard.

A vulnerability classified as critical has been found in Cisco Video Surveillance Manager. This affects an unknown part. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2013-3429. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Database Server 10.1.0.3 and classified as critical. This issue affects some unknown processing of the file sys.dbms_cdc_ipublish.create_scn_change_set. The manipulation of the argument CHANGE_SET_NAME leads to sql injection. The identification of this vulnerability is CVE-2005-1197. The attack may be initiated remotely. There is no exploit available.

由清华大学网络科学与网络空间研究院、奇安信集团、蚂蚁集团、广东联通、百度安全、赛尔网络、北京航空航天大学国家卓越工程师学院主办，复旦大学计算机科学技术学院、西安交通大学、腾讯安全应急响应中心、北京蓝莲

The post How Security Automation Platforms Streamline SOC Operations appeared first on AI-enhanced Security Automation.

The post How Security Automation Platforms Streamline SOC Operations appeared first on Security Boulevard.

複数のFortinet製品に関する脆弱性（悪用あり）が公開されています。対象となる製品およびバージョンは多岐にわたります。この問題は、当該製品を修正済みのバージョンに更新することで解決します。詳細は開発者が提供する情報を参照してください。

Normalyze’s AI-Powered DSPM Technology Boosts Proofpoint’s Data Visibility, Control
Proofpoint will acquire DSPM startup Normalyze to strengthen its data security offerings across cloud, SaaS and hybrid environments. The company aims to give security teams enhanced visibility, control and human-centric risk reduction for sensitive data across complex infrastructures.

Foreign Minister Tajani Condemns Conspiracy as 'Threat to Democracy'
The foreign minister of Italy condemned Monday as a threat to democracy the private investigation firm that prosecutors in Milan say illegally accessed government databases for years to assemble illicit dossiers. Four individuals are under house arrest.

Foreign Influence Campaigns Intensify as Experts Tout Election Security Upgrades
More than 50 million votes have already been cast in the 2024 United States presidential elections, but new reports indicate the cyber and physical threats continue to escalate - with potential implications that could extend well beyond Election Day.

Scaling Business Often a Challenge in the Country, Experts Told Lawmakers
Dependence on foreign capital in the United Kingdom for investments into artificial intelligence will stymie British technological progress, a parliamentary committee heard Tuesday. An absence of capital makes it hard for British firms to scale operations, said Michael Holmes, CEO at Scale Space