Aggregator

CVE-2017-14227 | MongoDB libbson 1.7.0 bson-iter.c bson_utf8_validate length memory corruption (FEDORA-2017-7edc2ea787 / Nessus ID 103547)

Vuldb Updates
3 months 1 week ago
A vulnerability was found in MongoDB libbson 1.7.0 and classified as critical. Impacted is the function bson_utf8_validate of the file bson-iter.c. The manipulation of the argument length as part of Argument results in memory corruption. This vulnerability is known as CVE-2017-14227. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2018-16790 | libbson 1.12.0 bson-iter.c _bson_iter_next_internal memory corruption (FEDORA-2018-77d864ff39 / Nessus ID 117814)

Vuldb Updates
3 months 1 week ago
A vulnerability was found in libbson 1.12.0. It has been declared as critical. This vulnerability affects the function _bson_iter_next_internal of the file bson-iter.c. Executing manipulation can lead to memory corruption. This vulnerability appears as CVE-2018-16790. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.
vuldb.com

CVE-2019-15790 | Apport on Ubuntu /proc/pid get_pid_info unnecessary privileges (Bug 172858)

Vuldb Updates
3 months 1 week ago
A vulnerability classified as problematic was found in Apport on Ubuntu. This affects the function get_pid_info of the file /proc/pid. Executing manipulation can lead to execution with unnecessary privileges. This vulnerability is registered as CVE-2019-15790. The attack needs to be launched locally. Furthermore, an exploit is available. Upgrading the affected component is advised.
vuldb.com

CVE-2020-15702 | Apport toctou

Vuldb Updates
3 months 1 week ago
A vulnerability classified as problematic was found in Apport. This affects an unknown part. The manipulation results in time-of-check time-of-use. This vulnerability was named CVE-2020-15702. The attack needs to be approached locally. There is no available exploit. Upgrading the affected component is advised.
vuldb.com

CVE-2015-1318 | Apport up to 2.17.0 Crash Reporter usr/share/apport/apport access control (USN-2569-1 / EDB-36746)

Vuldb Updates
3 months 1 week ago
A vulnerability, which was classified as problematic, has been found in Apport up to 2.17.0. This issue affects some unknown processing of the file usr/share/apport/apport of the component Crash Reporter. This manipulation causes improper access controls. This vulnerability appears as CVE-2015-1318. The attack requires local access. In addition, an exploit is available. It is advisable to upgrade the affected component.
vuldb.com

New TruffleNet BEC Campaign Leverages AWS SES Using Stolen Credentials to Compromise 800+ Hosts

Cyber Security News
3 months 1 week ago

Identity compromise has become one of the most significant threats facing cloud infrastructure, particularly when attackers gain access to legitimate credentials. These valid access keys enable adversaries to bypass traditional security defenses, creating opportunities for widespread exploitation. Amazon Web Services environments have witnessed a surge in such attacks, with the Simple Email Service emerging as […]

The post New TruffleNet BEC Campaign Leverages AWS SES Using Stolen Credentials to Compromise 800+ Hosts appeared first on Cyber Security News.

Tushar Subhra Dutta

Defense in Depth for AI: The MCP Security Architecture You’re Missing

Security Boulevard
3 months 1 week ago

As AI agents become integral to cloud native applications, the Model Context Protocol (MCP) has emerged as a leading standard for enabling these agents to interact with external tools and data sources. But with this new architectural pattern comes a critical security challenge: MCP-based systems require protection at three distinct layers, not just one. The..

The post Defense in Depth for AI: The MCP Security Architecture You’re Missing appeared first on Security Boulevard.

Sudeep Goswami

Synthetic Identity Theft in 2025: How Digital Identity Intelligence Detects Fraud That Doesn’t Exist

Security Boulevard
3 months 1 week ago

Synthetic identity theft — where criminals combine real and fabricated data to create entirely new “people” — is one of the fastest-growing forms of digital fraud. Unlike traditional identity theft, which steals from real individuals, synthetic identity fraud manufactures fake identities that appear legitimate to verification systems. This sophisticated type of fraud is costing organizations …

The post Synthetic Identity Theft in 2025: How Digital Identity Intelligence Detects Fraud That Doesn’t Exist appeared first on Security Boulevard.

Jason Wagner

CVE-2025-53476 | OpenPLC v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58 TCP Connection missing release of file descriptor or handle after effective lifetime (TALOS-2025-2223 / EUVD-2025-32061)

Vuldb Updates
3 months 1 week ago
A vulnerability labeled as problematic has been found in OpenPLC v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. The impacted element is an unknown function of the component TCP Connection Handler. Executing manipulation can lead to missing release of file descriptor or handle after effective lifetime. This vulnerability is registered as CVE-2025-53476. It is possible to launch the attack remotely. No exploit is available.
vuldb.com

CVE-2025-54399 | Planet WGR-500 1.3411b190912 formPingCmd ipaddr stack-based overflow (TALOS-2025-2226 / EUVD-2025-32069)

Vuldb Updates
3 months 1 week ago
A vulnerability has been found in Planet WGR-500 1.3411b190912 and classified as critical. Affected by this vulnerability is the function formPingCmd. Performing manipulation of the argument ipaddr results in stack-based buffer overflow. This vulnerability was named CVE-2025-54399. The attack may be initiated remotely. There is no available exploit.
vuldb.com

Managed ad