Aggregator

A vulnerability, which was classified as problematic, was found in Docker Desktop up to 4.34.1. This affects an unknown part of the component Changelog Extension. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-8695. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in ORDAT FOSS-Online up to 2.24.00. Affected by this issue is some unknown functionality of the component Forgot Password Handler. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-34336. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Keyfactor EJBCA up to 8.3.0. Affected by this vulnerability is an unknown functionality of the component CMP CLI Client. The manipulation leads to improper enforcement of message integrity. This vulnerability is known as CVE-2024-36066. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Mirapolis LMS 4.6.x. Affected is an unknown function. The manipulation of the argument ID/STEP leads to improper control of resource identifiers. This vulnerability is traded as CVE-2024-25270. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 17.1.6/17.2.4/17.3.1. It has been rated as problematic. This issue affects some unknown processing of the component Session Token Handler. The manipulation of the argument CI_JOB_TOKEN leads to privilege context switching error. The identification of this vulnerability is CVE-2024-8641. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GitLab Enterprise Edition up to 17.2.4/17.3.1. It has been declared as problematic. This vulnerability affects unknown code of the component Pipeline Execution Handler. The manipulation leads to improper protection of alternate path. This vulnerability was named CVE-2024-8311. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 17.1.6/17.2.4/17.3.1. It has been classified as critical. This affects an unknown part of the component Pipeline Handler. The manipulation leads to authentication bypass by spoofing. This vulnerability is uniquely identified as CVE-2024-6678. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 17.1.6/17.2.4/17.3.1 and classified as problematic. Affected by this issue is some unknown functionality of the component graphql Log Handler. The manipulation leads to sensitive information in log files. This vulnerability is handled as CVE-2024-4472. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Wibu-Systems WibuKey up to 6.69 and classified as problematic. Affected by this vulnerability is an unknown functionality in the library WibuKey64.sys of the component Packet Handler. The manipulation leads to denial of service. This vulnerability is known as CVE-2024-45182. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Wibu-Systems WibuKey up to 6.69. Affected is an unknown function in the library WibuKey64.sys. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2024-45181. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Microsoft High Definition Audio Bus Driver 10.0.19041.3636. This issue affects the function HDAudBus_DMA of the component IRP Handler. The manipulation leads to improper control of resource through lifetime. The identification of this vulnerability is CVE-2024-45383. It is possible to launch the attack on the local host. There is no exploit available.

Специалисты описали масштабную структуру киберармии Ким Чен Ына.

Jerry Dawkins, PhD In the world of cybersecurity, the recent incident involving Snowflake has sparked a significant discussion around the shared responsibility between vendors and customers. The attacks, which targeted over 100 Snowflake customers, have highlighted vulnerabilities that arise not from the platform itself, but from how customers manage their security environments. A Bold Stance: […]

The post Navigating the Shared Responsibility Model: Lessons Learned from the Snowflake Cybersecurity Incident appeared first on CISO Global.

The post Navigating the Shared Responsibility Model: Lessons Learned from the Snowflake Cybersecurity Incident appeared first on Security Boulevard.

A vulnerability was found in wordbox Algeria Radio 2.5 and classified as critical. Affected by this issue is some unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is handled as CVE-2014-6678. The attack needs to be initiated within the local network. There is no exploit available.

Most investors aren't demanding cybersecurity preparedness from startups, but founders should still be worried about the risks.

A vulnerability has been found in Ticket Round Up 3.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is known as CVE-2014-6677. The attack needs to be done within the local network. There is no exploit available.

Authors/Presenters:Elias Heftrig, Haya Shulman, Michael Waidner

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations YouTube channel.

Permalink

The post USENIX Security ’23 – Downgrading DNSSEC: How to Exploit Crypto Agility for Hijacking Signed Zones appeared first on Security Boulevard.