Aggregator

A vulnerability was found in Mozilla Firefox up to 129.x. It has been rated as problematic. This issue affects some unknown processing of the component Internal Browser Event Interface. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-8382. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 129.x. It has been declared as critical. This vulnerability affects unknown code of the component Property Name Lookup. The manipulation leads to type confusion. This vulnerability was named CVE-2024-8381. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in SeaCMS 12.9. It has been classified as critical. This affects an unknown part of the file /dmplayer/dmku/index.php?ac=del. The manipulation of the argument id leads to sql injection. This vulnerability is uniquely identified as CVE-2024-44921. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Mozilla Firefox up to 129.x and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2024-8389. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Mozilla Firefox up to 129.x and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Notifications Handler. The manipulation leads to improper restriction of rendered ui layers. This vulnerability is known as CVE-2024-8388. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Mozilla Firefox up to 129.x. Affected is an unknown function. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2024-8387. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Python CPython up to 3.13.0rc1. This issue affects some unknown processing of the component Tar File Handler. The manipulation leads to inefficient regular expression complexity. The identification of this vulnerability is CVE-2024-6232. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Vulnerabilities in Microsoft apps for macOS could allow attackers to steal permissions and access sensitive data. Cisco Talos researchers discovered eight vulnerabilities in Microsoft apps for macOS. These flaws could allow attackers to inject malicious libraries into Microsoft’s apps and steal permissions. This could enable access to sensitive resources like the microphone, camera, and screen […]

A vulnerability classified as problematic was found in Mozilla Firefox up to 129.x. This vulnerability affects unknown code of the component Scheme Allocation Handler. The manipulation leads to improper authorization in handler for custom url scheme. This vulnerability was named CVE-2024-8383. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Withhive Kakao 2.11.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is handled as CVE-2014-5852. The attack can only be initiated within the local network. There is no exploit available.

Oil and gas giant Halliburton has confirmed in a filing today to the Securities and Exchange Commission (SEC) that data was stolen in the recent attack linked to the RansomHub ransomware gang. [...]

A vulnerability has been found in Dark Summoner 1.03.39 and classified as critical. Affected by this vulnerability is an unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is known as CVE-2014-5851. The attack can only be done within the local network. There is no exploit available.

三大亮点抢先看！

Корпоративные клиенты в России столкнулись с новым ударом от корпорации.

A vulnerability was found in XOOPS John Mordo Jobs Module up to 2.4. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument cid leads to sql injection. This vulnerability is known as CVE-2007-2370. The attack can be launched remotely. Furthermore, there is an exploit available.

Zyxel has patched a myriad of vulnerabilities in its various networking devices, including a critical one (CVE-2024-7261) that may allow unauthenticated attackers to execute OS commands on many Zyxel access points (APs) and security routers by sending a specially crafted cookie to the vulnerable devices. CVE-2024-7261 CVE-2024-7261 is an OS command injection vulnerability that stems from the improper neutralization of special elements in the parameter “host” in the CGI program of some AP and security … More →

The post Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261) appeared first on Help Net Security.

Is the network defendable? This serious question is often conveniently left unasked because the answer is uncomfortable. On June 3, 1983, the day before I graduated from high school, MGM released the movie “War Games”.  For those who never saw the movie, the plot is essentially a teenage hacker accidentally kicks off an AI computer..

The post Is the “Network” Defendable? appeared first on Security Boulevard.

A vulnerability, which was classified as critical, was found in Kaave Fali 1.5.1. Affected is an unknown function of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is traded as CVE-2014-5850. The attack needs to be approached within the local network. There is no exploit available.