Aggregator

A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlist_sync.cgi. The manipulation of the argument IP leads to os command injection. The identification of this vulnerability is CVE-2022-2488. Access to the local network is required for this attack to succeed. Furthermore, there is an exploit available.

A vulnerability was found in Linux Kernel up to 5.10.81/5.15.4. It has been classified as problematic. Affected is the function resp_readcap16 of the component scsi_debug. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2021-47191. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 5.15.4. This issue affects the function flow_put. The manipulation leads to allocation of resources. The identification of this vulnerability is CVE-2021-47199. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.148/6.1.78/6.6.17/6.7.5. It has been classified as critical. This affects the function iio_device_register_sysfs_group. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2023-52643. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.7.5 and classified as critical. This issue affects the function irtoy_tx of the component ir_toy. The manipulation leads to memory leak. The identification of this vulnerability is CVE-2024-26829. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.8.1. This affects the function dquot_free_inode of the component quota. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2024-26878. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.6.22/6.7.10/6.8.1. Affected is the function free_irq of the component mt7921e. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-26892. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Critical Vulnerability CVE-2025-0282 in Ivanti Connect Secure Enables Remote Command Execution via Buffer Overflow

This is a current list of where and when I am scheduled to speak:I’m speaking on “AI: Tr

Chicano Federation of San Diego County Has Fallen Victim to RHYSIDA Ransomware

Authors:(1) Muhammad Zia Hydari, Katz Graduate School of Business, University of Pittsburgh and Co

Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as "root" to bypass the operating system's System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. The vulnerability in question is CVE-2024-44243 (CVSS score: 5.5), a medium-severity bug

Endpoint Security / VulnerabilityMicrosoft has shed light on a now-patched security flaw impacting

Authors:(1) Muhammad Zia Hydari, Katz Graduate School of Business, University of Pittsburgh and Co

Authors:(1) Muhammad Zia Hydari, Katz Graduate School of Business, University of Pittsburgh and Co

Around the year 1900, an author (Rudyard Kipling) wrote a poem called “The Elephant’s Child.” In it, he writes: “I keep six honest serving men They taught me all I knew Their names are What and Why and When And How and Where and Who.”  Little did Kipling know that these six friends would someday […]

The post Six Friends Every Security Team Needs appeared first on Security Boulevard.

Michael HenkelmanMichael is