Aggregator

HELLCAT is Allegedly Selling the Data of The Knesset

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.10.13/6.11.2. Affected is the function alloc_flex_gd of the file fs/ext4/resize.c of the component ext4. The manipulation leads to off-by-one. This vulnerability is traded as CVE-2024-49880. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.10.13/6.11.2. It has been rated as critical. Affected by this issue is the function lpfc_sli_flush_io_rings of the component scsi. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2024-49891. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Zyloware Eyewear Has Been Claimed a Victim to BLACK SUIT Ransomware

Windows内核流服务本地权限提升漏洞(CVE-2024-30090)

Authors/Presenters:Michelle Eggers

Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their timely DEF CON 32 erudite content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – AppSec Village – The Immortal Retrofuturism of Mainframes and How to Keep Them Safe appeared first on Security Boulevard.

A vulnerability, which was classified as critical, has been found in Open-Xchange Server 6.20.7/6.22.0/6.22.1. This issue affects some unknown processing. The manipulation of the argument location leads to code injection. The identification of this vulnerability is CVE-2013-1647. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

联合国最新估计预测全球人口将于 2084 年达到 103 亿的峰值。维也纳的 International Institute for Applied Systems Analysis 预测人口将于 2080 年达到 101 亿的峰值，西雅图的 Institute of Health Metrics and Evaluation 预测 2064 年达到 97 亿的峰值。然而现实中的人口出生率比悲观的估计还要差。举例来说，五年前联合国预测到 2023 年韩国新生儿数量 35 万，但实际只有 23 万。哥伦比亚 2023 年出生了 51 万名婴儿，五年内下降 22%，比联合国的预测低 30%。出生率快速下降的通常是富裕发达国家，然而如今很多发展中国家的出生率比发达国家还低。去年墨西哥出生率首次低于美国。研究人员因此估计，全球人口可能会在 2054 年达到 90 亿左右的峰值，比联合国的预测早 30 年。此外目前没有观察到出生率会反弹的迹象。

A vulnerability was found in SAP SAPCAR. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Permission Handler. The manipulation as part of File Archive leads to improper access controls. This vulnerability is known as CVE-2016-5847. Local access is required to approach this attack. Furthermore, there is an exploit available.

Keep your organization safe and drive real business impact with better situational awareness, threat monitoring, and communication As a student of protection history and former counter-terrorism special agent who investigated countless embassy bombings, kidnappings, hijackings, and assassinations, I know all too well that the threat landscape has always been dynamic. It ebbs and flows, primarily…

The post How to Elevate Your GSOC’s Impact in a World of Rising Threats appeared first on Ontic.

The post How to Elevate Your GSOC’s Impact in a World of Rising Threats appeared first on Security Boulevard.

A vulnerability classified as critical was found in Linux Kernel up to 5.15.81/6.0.11. This vulnerability affects the function nvme_ns_head_submit_bio. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2022-49003. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.11.3 and classified as critical. Affected by this issue is the function send_recv. The manipulation leads to use after free. This vulnerability is handled as CVE-2024-50030. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 5.15.81/6.0.11. This affects an unknown part. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2022-49004. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.0.11. This affects the function snd_soc_put_volsw_sx of the component ASoC. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2022-49005. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Umbraco CMS up to 14.2.x. It has been rated as critical. This issue affects some unknown processing of the component Webhook API. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2024-48925. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/card-bwdates-reports-details.php of the component Report of Medical Card Page. The manipulation of the argument fromdate/todate leads to sql injection. This vulnerability is known as CVE-2024-10296. The attack can be launched remotely. Furthermore, there is an exploit available.