Aggregator

A vulnerability, which was classified as critical, was found in Kamailio up to 4.3.4. This affects the function encode_msg of the file encode_msg.c of the component SEAS Module. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2016-2385. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Details have emerged about multiple security vulnerabilities in two implementations of the Manufacturing Message Specification (MMS) protocol that, if successfully exploited, could have severe impacts in industrial environments. "The vulnerabilities could allow an attacker to crash an industrial device or in some cases, enable remote code execution," Claroty researchers Mashav Sapir and Vera

On October 10, 2024, Microsoft released its latest round of security updates as part of the monthly Patch Tuesday. This month’s update addresses a total of 118 vulnerabilities, including five zero-days, two of which are actively being exploited. These vulnerabilities impact various Microsoft products, making it crucial for organizations to apply patches promptly and review any mitigations or workarounds.  Let’s ... Read More

The post Microsoft’s October 2024 Patch Tuesday: Addressing 5 Zero-Days and 118 Vulnerabilities appeared first on Nuspire.

The post Microsoft’s October 2024 Patch Tuesday: Addressing 5 Zero-Days and 118 Vulnerabilities appeared first on Security Boulevard.

New BeaverTail malware targets tech job seekers via fake recruiters on LinkedIn and X

A vulnerability was found in OkHttp up to 2.7.3/3.1.1. It has been declared as critical. This vulnerability affects unknown code of the component Certificate Handler. The manipulation leads to improper certificate validation. This vulnerability was named CVE-2016-2402. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

An international law enforcement operation led to the arrest of one of the three administrators of the dual dark web market 'Bohemia/Cannabia,' known for hosting ads for drug sales and distributed denial of service (DDoS) attacks. [...]

A vulnerability, which was classified as critical, was found in Progress Telerik Reporting up to 18.2.24.806. This affects an unknown part. The manipulation leads to use of externally-controlled input to select classes or code. This vulnerability is uniquely identified as CVE-2024-8048. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Progress Telerik Reporting up to 18.2.24.806. Affected by this issue is some unknown functionality of the component Hyperlink Handler. The manipulation leads to command injection. This vulnerability is handled as CVE-2024-7840. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

At Seceon’s 2024 Innovation and Certification Days, we had the privilege of hearing from one of our valued partners, Keith Johnson, Executive Vice President of Obviam. Keith shared his journey in cybersecurity and explained why Seceon’s aiXDR platform is the solution of choice for his MSP and MSSP clients. His insights were not only valuable

The post Partner Spotlight: Why Obviam Chose Seceon for AI-Driven XDR appeared first on Seceon Inc.

The post Partner Spotlight: Why Obviam Chose Seceon for AI-Driven XDR appeared first on Security Boulevard.

A vulnerability classified as problematic was found in Progress Telerik Report Server up to 10.2.24.709. Affected by this vulnerability is an unknown functionality. The manipulation leads to weak password requirements. This vulnerability is known as CVE-2024-7293. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Progress Telerik Report Server up to 10.2.24.709. Affected is an unknown function. The manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is traded as CVE-2024-7292. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Progress Telerik Reporting up to 18.2.24.806. It has been rated as very critical. This issue affects some unknown processing. The manipulation leads to use of externally-controlled input to select classes or code. The identification of this vulnerability is CVE-2024-8014. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Progress Telerik Report Server up to 10.2.24.709. It has been declared as problematic. This vulnerability affects unknown code of the component HTTP Handler. The manipulation leads to resource consumption. This vulnerability was named CVE-2024-7294. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe InDesign Desktop up to 18.5.3/19.4. It has been classified as problematic. This affects an unknown part. The manipulation leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2024-45137. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe InCopy up to 18.5.3/19.4 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2024-45136. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Progress Telerik Reporting up to 10.2.24.806 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to use of externally-controlled input to select classes or code. This vulnerability is known as CVE-2024-8015. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Adobe Framemaker up to 2020.6/2022.4. Affected is an unknown function of the component File Handler. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2024-47421. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in PHPGurukul Hospital Management System 4.0. This issue affects some unknown processing of the file doctor/add-patient.php. The manipulation of the argument patname/pataddress leads to cross site scripting. The identification of this vulnerability is CVE-2024-46237. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Adobe Framemaker up to 2020.6/2022.4. This vulnerability affects unknown code. The manipulation leads to integer underflow. This vulnerability was named CVE-2024-47425. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

WordPress 开源项目联合创始人 Matt Mullenweg 在声称属于其个人的网站 WordPress.org 的登陆页面专门加入了一个选项“I am not affiliated with WP Engine in any way, financially or otherwise”，要求用户声明与 WP Engine 没有任何关系。Matt Mullenweg 旗下的 WordPress.com 与 WP Engine 存在竞争关系，最近几周他与 WP Engine 的关系因其搭便车或其它原因而愈发紧张，双方都向对方提起了诉讼。而在 WordPress 的 Slack 频道，那些频繁就此问题质疑他的人则被他封禁了。