Aggregator

VMware fixed a code execution flaw in Fusion hypervisor Pierluigi Paganini September 03, 2024

A vulnerability has been found in Adobe Acrobat Reader up to 11.0.22/2015.006.30355/2017.011.30066/2017.012.20098 and classified as critical. This vulnerability affects unknown code. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2017-16406. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Mozilla 释出了 Firefox 130，新版本变化不大，下一个版本将引入垂直标签。Firefox 130 的主要变化包括：整页翻译之后选择一段文本翻译到不同语言；设置中新的 Firefox Labs 页面可用于实验不同功能，AI Chatbot 可以添加到侧边栏快速访问，切换标签时可选择让画中画自动显示在活跃标签上；Linux 上的 Overscroll 动画；Firefox 翻译支持越南语等 11 种新语言，安全修正，等等。

A vulnerability, which was classified as critical, has been found in Zhwnl ecalendar2 4.5.3. Affected by this issue is some unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is handled as CVE-2014-5862. Access to the local network is required for this attack. There is no exploit available.

Skip to contentIn episode 14 of “The AI Fix”, Graham makes an apology, Mark wonders if sui

VICIdial Multiple Authenticated SQL Injection### This module requires Metasploit: https://metaspl

TVT NVMS-1000 Directory Traversal### This module requires Metasploit: https://metasploit.com/down

IntelliNet 2.0 Remote Root#!/usr/local/bin/nodeconst { execSync } = require('child_process');con

Tennessee-Based Specialty Networks Incident Is Latest Attack on Business Associates
A vendor that provides information systems and transcription services to radiology practices is alerting 411,037 people of a hack discovered last December involving the theft of sensitive data. The firm already faces at least four proposed federal class action lawsuits related to the hack.

Sprague Replaces Veteran CEO, Plans to Double Down on PTaaS and AI Red Teaming
HackerOne has tapped F5's longtime product leader as it next chief executive to continue expanding its portfolio beyond operating vulnerability disclosure programs. The firm tasked Kara Sprague with building on existing growth in areas including AI red teaming and penetration testing as a service.

Director Hails New Guidance as 'First Step' in Resolving BGP Security Risks
Harry Coker, director of the Office of the National Cyber Director, described new guidance published Tuesday that aims to bolster internet routing security as a critical "first step" in addressing long-standing security issues that threaten the backbone of global communications.

Agency Publishes Notice Soliciting Comments on Potential Federal Response
An artificial intelligence-fueled growth in data center construction has the federal government asking what it should do to help manage data security risks. The NTIA is interested in identifying opportunities "to improve data centers’ market development, supply chain resilience, and data security."

A CVSS score 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H severity vulnerability discovered by 'Chizuru Toyama of TXOne Networks' was reported to the affected vendor on: 2024-09-04, 62 days ago. The vendor is given until 2025-01-02 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.5 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2024-09-04, 62 days ago. The vendor is given until 2025-01-02 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2024-09-04, 62 days ago. The vendor is given until 2025-01-02 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N severity vulnerability discovered by 'Poh Jia Hao of STAR Labs SG Pte. Ltd.' was reported to the affected vendor on: 2024-09-04, 62 days ago. The vendor is given until 2025-01-02 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A frequently asked question in cybersecurity is “What affects me?”. Companies want to know not only what is affecting other companies but what is specifically affecting similar companies in their industry and is therefore likely to affect them.

The post Research Identifies Prevalence of Brand Impersonation in Three-Year Cross-Industry Analysis appeared first on Security Boulevard.

WMCTF2024 | 倒计时3天 | 等你来战

A vulnerability classified as critical has been found in WP Events Manager Plugin up to 2.1.11 on WordPress. This affects an unknown part. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2024-7717. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in IP Vault Plugin up to 1.1 on WordPress. This vulnerability affects unknown code. The manipulation leads to protection mechanism failure. This vulnerability was named CVE-2022-4536. The attack can be initiated remotely. There is no exploit available.