Aggregator

A vulnerability has been found in Silabs Series 2 SoC and classified as problematic. This vulnerability affects unknown code of the component ECDH/EdDSA. The manipulation leads to comparison logic is vulnerable to power side-channel attacks. This vulnerability was named CVE-2025-3301. It is possible to launch the attack on the physical device. There is no exploit available.

A vulnerability classified as very critical has been found in SAP NetWeaver 7.50. Affected is an unknown function. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2025-31324. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

From the power of collaborative defense to identity security and AI, catch up on the event's key themes and discussions

Tien landmachtmilitairen zijn vandaag in het Franse Arromanches-des-Bains begonnen aan een estafette van bijna 1.000 kilometer. Met de actie brengen zij het bevrijdingsvuur van de Normandische stranden naar het Friese Kazemattenmuseum.

Gutting CISA won't just lose us a partner. It will lose us momentum. And in this game, that's when things break.

The US Cybersecurity and Infrastructure Security Agency has added two flaws affecting SonicWall products to its catalog of Known Exploited Vulnerabilities

The United Kingdom's National Cyber Security Centre warned that ongoing cyberattacks impacting multiple UK retail chains should be taken as a "wake-up call." [...]

Борьба с порнографией становится ширмой, за которой прячется цифровой контроль.

A vulnerability, which was classified as critical, has been found in Wasmtime up to 2.0.1. This issue affects some unknown processing. The manipulation leads to sensitive information in resource not removed before reuse. The identification of this vulnerability is CVE-2022-39393. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in haf DotNetZip.Semverd up to 1.16.0. It has been rated as critical. This issue affects some unknown processing of the file src/Zip.Shared/ZipEntry.Extract.cs. The manipulation leads to path traversal. This vulnerability only affects products that are no longer supported by the maintainer. The identification of this vulnerability is CVE-2024-48510. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Linux Kernel. Affected by this issue is the function hci_uart_register_dev in the library include/linux/skbuff.h of the component Bluetooth. The manipulation leads to improper initialization. This vulnerability is handled as CVE-2025-23139. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.1.134/6.6.87/6.12.24/6.14.2. This affects the function devm_request_irq of the component pci_endpoint_test. The manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2025-23140. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.15-rc1 and classified as critical. Affected by this vulnerability is the function sctp_sendmsg of the component Socket Endpoint. The manipulation leads to use after free. This vulnerability is known as CVE-2025-23142. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.134/6.6.87/6.12.23/6.13.11/6.14.2 and classified as problematic. Affected by this issue is the function kb3930_probe of the component Mfd. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-23146. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.134/6.6.87/6.12.23/6.13.11/6.14.2. It has been rated as critical. This issue affects the function exynos_chipid_probe of the file ice_ptp.c of the component Soc. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2025-23148. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.6.87/6.12.23/6.13.11/6.14.2. Affected is the function led_sysfs_disable of the file drivers/leds/led-core.c of the component backlight. The manipulation leads to privilege escalation. This vulnerability is traded as CVE-2025-23144. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.134/6.6.87/6.12.23/6.13.11/6.14.2 and classified as problematic. Affected by this vulnerability is the function i3c_master_queue_ibi. The manipulation leads to uninitialized pointer. This vulnerability is known as CVE-2025-23147. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

部分哺乳动物和鸟类能跟随节奏信号做出动作，然而大多数脊椎动物几乎没有能够保持节拍同步的证据。发表在《Scientific Reports》期刊上的一项研究发现，一只 15 岁的加州海狮罗南(Ronan)在 3 岁时经过训练，能够识别节拍并随着节拍点头，且将这一能力保留到了成年。研究人员评估了罗南在112、120和128拍每分钟(bpm)的鼓点节奏下做出动作的一致性和协调性。随后将同样的声音呈现给10名大学生(18-23岁)，要求他们随着鼓点拍手。研究人员利用视频追踪软件检查了参与者打拍子的准确性，发现罗南打拍子总体而言比人类参与者更准确、变化性更小：罗南相较人类的准确性随着节奏加快而提高，其128拍每分钟下，平均节拍是129拍每分钟(±2.94)，而人类平均节拍是116.2拍每分钟(±7.34)。测试结束后，罗南得到一个装满鱼和冰的玩具作为奖励。

A vulnerability was found in Musanim Music Animation Machine MIDI Player 2006aug19 Release 035. It has been declared as very critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to memory corruption. This vulnerability is known as CVE-2011-0501. The attack can be launched remotely. Furthermore, there is an exploit available.

Attackers have been using two previously known vulnerabilities (CVE-2024-38475, CVE-2023-44221) to compromise SonicWall secure mobile access devices, the vendor has confirmed by updating the associated advisories. CISA has added the two flaws to its Known Exploited Vulnerabilities catalog, and Watchtowr researchers have analyzed how they can be being chained together and have released a proof-of-concept exploit (or, as they call it, a “Detection Artefact Generator”). The exploited vulnerabilities (CVE-2024-38475, CVE-2023-44221) Sonicwall SMA100 appliances are VPN … More →

The post Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221) appeared first on Help Net Security.