βΌ CVE-2023-24754 βΌ
π Read
via "National Vulnerability Database".
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24751 βΌ
π Read
via "National Vulnerability Database".
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24752 βΌ
π Read
via "National Vulnerability Database".
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25221 βΌ
π Read
via "National Vulnerability Database".
Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46805 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 leading to activation/deactivation of plugin rulesets.π Read
via "National Vulnerability Database".
β LastPass: Keylogger on home PC led to cracked corporate password vault β
π Read
via "Naked Security".
Seems the crooks implanted a keylogger via a vulnerable media app (LastPass politely didn't say which one!) on a developer's home computer.π Read
via "Naked Security".
Naked Security
LastPass: Keylogger on home PC led to cracked corporate password vault
Seems the crooks implanted a keylogger via a vulnerable media app (LastPass politely didnβt say which one!) on a developerβs home computer.
π₯1
π΄ The Importance of Recession-Proofing Security Operations π΄
π Read
via "Dark Reading".
Make sure cybersecurity is taken seriously and consistently across the board. Educate the ecosystem beyond your own organization to mitigate security risks for everyone.π Read
via "Dark Reading".
Dark Reading
The Importance of Recession-Proofing Security Operations
Make sure cybersecurity is taken seriously and consistently across the board. Educate the ecosystem beyond your own organization to mitigate security risks for everyone.
π΄ What Happened in That Cyberattack? With Some Cloud Services, You May Never Know π΄
π Read
via "Dark Reading".
More cyberattackers are targeting organizations' cloud environments, but some cloud services, such as Google Cloud Platform's storage, fail to create adequate logs for forensics.π Read
via "Dark Reading".
Dark Reading
What Happened in That Cyberattack? With Some Cloud Services, You May Never Know
More cyberattackers are targeting organizations' cloud environments, but some cloud services, such as Google Cloud Platform's storage, fail to create adequate logs for forensics.
βΌ CVE-2023-0460 βΌ
π Read
via "National Vulnerability Database".
The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a remote context is created with the flags Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY. This allows the client app to remotely load code from YouTube Main App by retrieving the Main AppΓ’β¬β’s ClassLoader. A potential vulnerability in the binding logic used by the client SDK where the SDK ends up calling bindService() on a malicious app rather than YT Main App. This creates a vulnerability where the SDK can load the malicious appΓ’β¬β’s ClassLoader instead, allowing the malicious app to load arbitrary code into the calling app whenever the embedded SDK is invoked. In order to trigger this vulnerability, an attacker must masquerade the Youtube app and install it on a device, have a second app that uses the Embedded player and typically distribute both to the victim outside of the Play Store.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39228 βΌ
π Read
via "National Vulnerability Database".
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is entered a number of times, the user account is blocked temporarily. This issue has been fixed in version 3.8.0.π Read
via "National Vulnerability Database".
π΄ Linux Support Expands Cyber Spy Group's Arsenal π΄
π Read
via "Dark Reading".
An infamous Chinese cyber-hacking team has extended its SysUpdate malware framework to target Linux systems.π Read
via "Dark Reading".
Dark Reading
Linux Support Expands Cyber Spy Group's Arsenal
An infamous Chinese cyber-hacking team has extended its SysUpdate malware framework to target Linux systems.
π΄ Offensive Security Is Now OffSec - Refresh Reflects Future of Cybersecurity Learning and Skills Development π΄
π Read
via "Dark Reading".
Updated OffSecβ’ identity substantiates the company's commitment to expanding its cybersecurity content and resources to prepare infosec professionals for the future.π Read
via "Dark Reading".
Dark Reading
Offensive Security Is Now OffSec - Refresh Reflects Future of Cybersecurity Learning and Skills Development
Updated OffSecβ’ identity substantiates the company's commitment to expanding its cybersecurity content and resources to prepare infosec professionals for the future.
βΌ CVE-2023-23005 βΌ
π Read
via "National Vulnerability Database".
In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer).π Read
via "National Vulnerability Database".
βΌ CVE-2023-23006 βΌ
π Read
via "National Vulnerability Database".
In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer).π Read
via "National Vulnerability Database".
βΌ CVE-2023-23003 βΌ
π Read
via "National Vulnerability Database".
In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return value.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25931 βΌ
π Read
via "National Vulnerability Database".
Medtronic identified that the Pelvic Health clinician apps, which are installed on the Smart Programmer mobile device, have a password vulnerability that requires a security update to fix. Not updating could potentially result in unauthorized control of the clinician therapy application, which has greater control over therapy parameters than the patient app. Changes still cannot be made outside of the established therapy parameters of the programmer. For unauthorized access to occur, an individual would need physical access to the Smart Programmer.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4901 βΌ
π Read
via "National Vulnerability Database".
Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24133 βΌ
π Read
via "National Vulnerability Database".
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey_5g parameter at /goform/WifiBasicSet.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23000 βΌ
π Read
via "National Vulnerability Database".
In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24129 βΌ
π Read
via "National Vulnerability Database".
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey4 parameter at /goform/WifiBasicSet.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24134 βΌ
π Read
via "National Vulnerability Database".
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey3 parameter at /goform/WifiBasicSet.π Read
via "National Vulnerability Database".