Aggregator

CVE-2024-50084 | Linux Kernel up to 6.6.57/6.11.4 vcap_api_encode_rule_test use after free (20b5342de51b/170792097bb2/217a3d98d1e9 / Nessus ID 213018)

Vuldb Updates
3 months 4 weeks ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.6.57/6.11.4. This impacts the function vcap_api_encode_rule_test. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-50084. Access to the local network is required for this attack to succeed. There is no exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2024-50083 | Linux Kernel up to 5.10.227/5.15.168/6.1.113/6.6.57/6.11.4 request_sock_subflow_v4 net/mptcp/protocol.c denial of service (Nessus ID 212953 / WID-SEC-2024-3289)

Vuldb Updates
3 months 4 weeks ago
A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.10.227/5.15.168/6.1.113/6.6.57/6.11.4. Affected is an unknown function of the file net/mptcp/protocol.c of the component request_sock_subflow_v4. The manipulation results in denial of service. This vulnerability is known as CVE-2024-50083. Access to the local network is required for this attack. No exploit is available. You should upgrade the affected component.
vuldb.com

Warlock Ransomware Exploiting SharePoint Vulnerabilities to Gain Access and Steal Credentials

Cyber Security News
3 months 4 weeks ago

In recent weeks, the cybersecurity community has witnessed the rapid emergence of Warlock, a novel ransomware strain that weaponizes unpatched Microsoft SharePoint servers to infiltrate enterprise networks. Initial analysis reveals that threat actors exploit publicly exposed SharePoint instances via specially crafted HTTP POST requests, deploying web shells that grant remote code execution within the target […]

The post Warlock Ransomware Exploiting SharePoint Vulnerabilities to Gain Access and Steal Credentials appeared first on Cyber Security News.

Tushar Subhra Dutta

Internet Archive Abused for Hosting Stealthy JScript Loader Malware

Cyber Security News
3 months 4 weeks ago

Security researchers have uncovered a novel malware delivery chain in recent weeks that leverages the Internet Archive’s legitimate infrastructure to host obfuscated payloads. The attack begins with a seemingly innocuous JScript file delivered via malspam, which in turn invokes a PowerShell loader. This PowerShell script reaches out to the Internet Archive (archive.org) to retrieve a […]

The post Internet Archive Abused for Hosting Stealthy JScript Loader Malware appeared first on Cyber Security News.

Tushar Subhra Dutta

Mozilla High Severity Vulnerabilities Enables Remote Code Execution

Cyber Security News
3 months 4 weeks ago

Mozilla has released Firefox 142 to address multiple high-severity security vulnerabilities that could allow attackers to execute arbitrary code remotely on affected systems.  The security advisory, published on August 19, 2025, reveals nine distinct vulnerabilities ranging from sandbox escapes to memory safety bugs, with several classified as high-impact threats capable of enabling remote code execution […]

The post Mozilla High Severity Vulnerabilities Enables Remote Code Execution appeared first on Cyber Security News.

Florence Nightingale

微软表示正在调查与安全更新相关的硬盘故障问题

Solidot
3 months 4 weeks ago
本周早些时候有报道称,日本用户报告微软最近释出的 Windows 11 24H2 安全更新 KB5063878 会导致硬盘出现问题,故障可能会在在硬盘连续写入超过 50GB 数据时发生。目前微软官方并没有标记 KB5063878 存在该问题。微软发言人在一份声明中表示,它已经收到了相关投诉,正与合作伙伴一起展开调查。SSD 控制器制造商群联电子(Phison) 也表示正在调查该问题。

CVE-2024-27349 | Apache HugeGraph-Server up to 1.2.x RESTful-API authentication spoofing (EUVD-2024-1128)

Vuldb Updates
3 months 4 weeks ago
A vulnerability identified as critical has been detected in Apache HugeGraph-Server up to 1.2.x. The impacted element is an unknown function of the component RESTful-API. This manipulation causes authentication bypass by spoofing. This vulnerability is tracked as CVE-2024-27349. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.
vuldb.com

CVE-2024-32741 | Siemens SIMATIC CN 4100 up to 2.x GRUB hard-coded password (ssa-273900)

Vuldb Updates
3 months 4 weeks ago
A vulnerability was found in Siemens SIMATIC CN 4100 up to 2.x. It has been declared as critical. This impacts an unknown function of the component GRUB. Executing manipulation can lead to use of hard-coded password. This vulnerability is registered as CVE-2024-32741. The attack needs to be launched locally. No exploit is available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-8023 | Mattermost up to 9.11.17/10.5.8/10.8.3/10.9.2 path traversal (EUVD-2025-25412 / WID-SEC-2025-1625)

Vuldb Updates
3 months 4 weeks ago
A vulnerability labeled as critical has been found in Mattermost up to 9.11.17/10.5.8/10.8.3/10.9.2. This issue affects some unknown processing. Such manipulation leads to path traversal. This vulnerability is listed as CVE-2025-8023. The attack may be performed from a remote location. There is no available exploit. The affected component should be upgraded.
vuldb.com

FBI Warns Russian State Hackers Targeting Critical Infrastructure Networking Devices

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
3 months 4 weeks ago

The Federal Bureau of Investigation (FBI) has issued a stark warning to the public, private sector, and international partners regarding persistent cyber threats from actors affiliated with the Russian Federal Security Service’s (FSB) Center 16. This unit, recognized in cybersecurity circles under monikers such as “Berserk Bear” and “Dragonfly,” has been actively exploiting vulnerabilities in […]

The post FBI Warns Russian State Hackers Targeting Critical Infrastructure Networking Devices appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Managed ad