Aggregator
Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #308 – What Are Those?
11 months 2 weeks ago
via the respected Software Engineering expertise of Mikkel Noe-Nygaard and the lauded Software Engineering / Enterprise Agile Coaching work of Luxshan Ratnaravi at Comic Agilé!
The post Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #308 – What Are Those? appeared first on Security Boulevard.
Marc Handelman
Google Joins Forces with GASA and DNS RF to Tackle Online Scams at Scale
11 months 2 weeks ago
Google on Wednesday announced a new partnership with the Global Anti-Scam Alliance (GASA) and DNS Research Federation (DNS RF) to combat online scams.
The initiative, which has been codenamed the Global Signal Exchange (GSE), is designed to create real-time insights into scams, fraud, and other forms of cybercrime, pooling together threat signals from different data sources in order to create
The Hacker News
CVE-2004-1792 | Yatsoft Switch Off up to 2.3 swnet.dll infinite loop (EDB-23508 / XFDB-14123)
11 months 2 weeks ago
A vulnerability was found in Yatsoft Switch Off up to 2.3. It has been classified as problematic. Affected is an unknown function in the library swnet.dll. The manipulation leads to infinite loop.
This vulnerability is traded as CVE-2004-1792. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
China releases its first batch of national standards for industrial internet security
11 months 2 weeks ago
Breaking the air gap! Multiple classified government systems breached by an APT group
11 months 2 weeks ago
Ferry attacks show their power
Microsoft fixes Word bug that deleted documents when saving
11 months 2 weeks ago
Microsoft has fixed a known issue that was causing Word to delete some Windows users' documents instead of saving them. [...]
Sergiu Gatlan
Dr.Web hacked: company hit by a large-scale cyberattack
11 months 2 weeks ago
The company is strengthening its security measures after the attack.
CVE-2024-38538 | Linux Kernel up to 6.1.92/6.6.32/6.8.11/6.9.2 xmit uninitialized variable (Nessus ID 208425)
11 months 2 weeks ago
A vulnerability classified as critical has been found in Linux Kernel up to 6.1.92/6.6.32/6.8.11/6.9.2. Affected is an unknown function of the component xmit. The manipulation leads to use of uninitialized variable.
This vulnerability is traded as CVE-2024-38538. The attack needs to be approached within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2019-9199 | PoDoFo 0.9.6 pdftranslator.cpp setSource PDF File null pointer dereference (ID 40 / Nessus ID 208427)
11 months 2 weeks ago
A vulnerability, which was classified as problematic, has been found in PoDoFo 0.9.6. This issue affects the function PoDoFo::Impose::PdfTranslator::setSource of the file pdftranslator.cpp. The manipulation as part of PDF File leads to null pointer dereference.
The identification of this vulnerability is CVE-2019-9199. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2019-10723 | PoDoFo 0.9.6 PdfPagesTreeCache.cpp PdfPagesTreeCache resource management (ID 46 / Nessus ID 208427)
11 months 2 weeks ago
A vulnerability was found in PoDoFo 0.9.6. It has been classified as problematic. This affects the function PdfPagesTreeCache of the file doc/PdfPagesTreeCache.cpp. The manipulation leads to improper resource management.
This vulnerability is uniquely identified as CVE-2019-10723. It is possible to launch the attack on the local host. There is no exploit available.
vuldb.com
CVE-2023-52752 | Linux Kernel up to 6.1.63/6.5.12/6.6.2 /proc/fs/cifs/DebugData cifs_debug_data_proc_show use after free (Nessus ID 208425)
11 months 2 weeks ago
A vulnerability classified as problematic was found in Linux Kernel up to 6.1.63/6.5.12/6.6.2. Affected by this vulnerability is the function cifs_debug_data_proc_show of the file /proc/fs/cifs/DebugData. The manipulation leads to use after free.
This vulnerability is known as CVE-2023-52752. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-52916 | Linux Kernel up to 6.5 denial of service (c281355068bc / Nessus ID 208425)
11 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.5. Affected by this issue is some unknown functionality. The manipulation leads to denial of service.
This vulnerability is handled as CVE-2023-52916. Access to the local network is required for this attack to succeed. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2017-6841 | PoDoFo 0.9.5 graphicsstack.h ~TGraphicsStackElement null pointer dereference (Nessus ID 208427)
11 months 2 weeks ago
A vulnerability, which was classified as problematic, has been found in PoDoFo 0.9.5. Affected by this issue is the function GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement of the file graphicsstack.h. The manipulation leads to null pointer dereference.
This vulnerability is handled as CVE-2017-6841. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2017-6849 | PoDoFo 0.9.4 PdfColor.cpp ~PdfColorGray null pointer dereference (Nessus ID 208427)
11 months 2 weeks ago
A vulnerability classified as problematic was found in PoDoFo 0.9.4. This vulnerability affects the function PoDoFo::PdfColorGray::~PdfColorGray of the file PdfColor.cpp. The manipulation leads to null pointer dereference.
This vulnerability was named CVE-2017-6849. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-5535 | OpenSSL up to 3.3.1 Client Protocol SSL_select_next_proto client/client_len memory corruption (Nessus ID 208438)
11 months 2 weeks ago
A vulnerability was found in OpenSSL up to 3.3.1. It has been declared as critical. This vulnerability affects the function SSL_select_next_proto of the component Client Protocol Handler. The manipulation of the argument client/client_len leads to memory corruption.
This vulnerability was named CVE-2024-5535. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-43484 | Microsoft .NET/.NET Framework/Visual Studio algorithmic complexity (Nessus ID 208439)
11 months 2 weeks ago
A vulnerability was found in Microsoft .NET, .NET Framework and Visual Studio. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to inefficient algorithmic complexity.
This vulnerability is known as CVE-2024-43484. The attack can be launched remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2024-43485 | Microsoft .NET/Visual Studio algorithmic complexity (Nessus ID 208439)
11 months 2 weeks ago
A vulnerability was found in Microsoft .NET and Visual Studio. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to inefficient algorithmic complexity.
This vulnerability is handled as CVE-2024-43485. The attack may be launched remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2024-46292 | OWASP ModSecurity 3.0.12 Input name denial of service
11 months 2 weeks ago
A vulnerability was found in OWASP ModSecurity 3.0.12. It has been classified as problematic. Affected is an unknown function of the component Input Handler. The manipulation of the argument name leads to denial of service.
This vulnerability is traded as CVE-2024-46292. The attack needs to be approached within the local network. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-46304 | libcoap up to 4.3.5-rc2 src/coap_block.c coap_handle_request_put_block denial of service
11 months 2 weeks ago
A vulnerability was found in libcoap up to 4.3.5-rc2 and classified as problematic. This issue affects the function coap_handle_request_put_block of the file src/coap_block.c. The manipulation leads to denial of service.
The identification of this vulnerability is CVE-2024-46304. The attack may be initiated remotely. There is no exploit available.
vuldb.com