SBI SECURITIES Co.,Ltd. Security Vulnerabilities

Debian: Security Advisory (DLA-1807-1)

The remote host is missing an update for the...

Mageia: Security Advisory (MGASA-2016-0428)

The remote host is missing an update for...

chromium -- multiple security fixes

Chrome Releases reports: This update includes 17 security fixes: [1484394] High CVE-2024-0812: Inappropriate implementation in Accessibility. Reported by Anonymous on 2023-09-19 [1504936] High CVE-2024-0808: Integer underflow in WebUI. Reported by Lyra Rebane (rebane2001) on 2023-11-24 [1496250]...

Debian: Security Advisory (DLA-1801-1)

The remote host is missing an update for the...

Mageia: Security Advisory (MGASA-2022-0376)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2017-0046)

The remote host is missing an update for...

Command Execution Vulnerability in SuperMap iServer 10i of Beijing SuperMap Software Co.

SuperMap iServer is a cloud GIS application server based on high-performance cross-platform GIS kernel. A command execution vulnerability exists in SuperMap iServer 10i of Beijing SuperMap Software Co. Ltd. that can be exploited by an attacker to gain control of the...

Ex-Google Engineer Arrested for Stealing AI Technology Secrets for China

The U.S. Department of Justice (DoJ) announced the indictment of a 38-year-old Chinese national and a California resident for allegedly stealing proprietary information from Google while covertly working for two China-based tech companies. Linwei Ding (aka Leon Ding), a former Google engineer who.....

Slackware: Security Advisory (SSA:2008-180-01)

The remote host is missing an update for...

Debian: Security Advisory (DSA-2902-1)

The remote host is missing an update for the...

CVE-2023-48347

In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges...

CVE-2023-48342

In media service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...

CVE-2023-48340

In video decoder, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with no additional execution privileges...

CVE-2023-48349

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges...

CVE-2023-48345

In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges...

CVE-2023-48348

In video decoder, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with no additional execution privileges...

CVE-2023-48344

In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges...

CVE-2023-48343

In video decoder, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with no additional execution privileges...

New Leak Shows Business Side of China’s APT Menace

A new data leak that appears to have come from one of China's top private cybersecurity firms provides a rare glimpse into the commercial side of China's many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign...

Debian: Security Advisory (DSA-2533-1)

The remote host is missing an update for the...

Unauthorized access vulnerability in SuperMap iServer of Beijing SuperMap Software Co. Ltd (CNVD-2023-61163)

SuperMap iServer is a cloud GIS application server based on high-performance cross-platform GIS kernel. An unauthorized access vulnerability exists in SuperMap iServer of Beijing SuperMap Software Co. Ltd, which can be exploited by attackers to obtain sensitive...

CVE-2023-48351

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges...

CVE-2023-48341

In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges...

Debian: Security Advisory (DLA-3624-1)

The remote host is missing an update for the...

Mageia: Security Advisory (MGASA-2022-0357)

The remote host is missing an update for...

CVE-2023-48350

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges...

CVE-2023-48346

In video decoder, there is a possible improper input validation. This could lead to local denial of service with no additional execution privileges...

CVE-2023-51767

OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim...

SQL Injection Vulnerability in Electronic Document Security Management System of Beijing Yisaitong Technology Development Co., Ltd (CNVD-2024-00987)

Electronic document security management system is a controllable authorization of electronic document security sharing management system, using real-time dynamic encryption and decryption protection technology and real-time rights recovery mechanism, to provide all kinds of electronic documents...

U.S. Charges Iranian Hacker, Offers $10 Million Reward for Capture

The U.S. Department of Justice (DoJ) on Friday unsealed an indictment against an Iranian national for his alleged involvement in a multi-year cyber-enabled campaign designed to compromise U.S. governmental and private entities. More than a dozen entities are said to have been targeted, including...

Hewlett Packard Enterprise also searched by Cozy Bear

Hewlett Packard Enterprise (HPE) has disclosed that the state-sponsored actor known as Cozy Bear (aka Midnight Blizzard), gained unauthorized access to HPE’s cloud-based email environment. This news comes only days after Microsoft broke very similar news that it got hacked by this same state...

Debian: Security Advisory (DSA-2736-1)

The remote host is missing an update for the...

SUSE: Security Advisory (SUSE-SU-2018:2051-1)

The remote host is missing an update for...

Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass

Overview A security feature bypass vulnerability exists in signed 3rd party UEFI bootloaders that allows bypass of the UEFI Secure Boot feature. An attacker who successfully exploits this vulnerability can bypass the UEFI Secure Boot feature and execute unsigned code during the boot process....

Arbitrary File Read Vulnerability in Damon Qizi Conference Data Visualization System (DMQZDV Experience Edition) of Wuhan Damon Database Co.

Damon Qiji big data visualization system is a one-stop tool platform for big data display. An arbitrary file read vulnerability exists in the Damon Qizhi Big Data Visualization System (DMQZDV Experience Version) of Wuhan Damon Database...

HTTP/2 CONTINUATION frames can be utilized for DoS attacks

Overview HTTP allows messages to include named fields in both header and trailer sections. These header and trailer fields are serialised as field blocks in HTTP/2, so that they can be transmitted in multiple fragments to the target implementation. Many HTTP/2 implementations do not properly limit....

Unauthorized Access Vulnerability in the MEGVII Face Recognition Passing Platform of Beijing Kuangyi Technology Co.

Beijing Kuangshi Technology Co., Ltd. is an artificial intelligence company focusing on IoT scenarios. An unauthorized access vulnerability exists in the Kuangxiang MEGVII face recognition pass platform of Beijing Kuangxiang Technology Co. that can be exploited by attackers to obtain sensitive...

CVE-2023-5091

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through...

Unauthorized Access Vulnerability in Website Monitoring and Warning Platform of Yuanjiang Shengbang (Beijing) Network Security Technology Co.

Ltd. is an independent innovative enterprise dedicated to WEB application security solutions and application delivery. There is an unauthorized access vulnerability in the website monitoring and warning platform of Yuanjiang Shengbang (Beijing) Network Security Technology Co., Ltd, which can be...

Design/Logic Flaw

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through...

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 405 vulnerabilities disclosed in 320...

Mageia: Security Advisory (MGASA-2021-0272)

The remote host is missing an update for...

CVE-2022-34344

Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles,...

Authorization

Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles,...

Directory Traversal Vulnerability in the Training Platform of Shenzhen Sigma Data Technology Co.

Shenzhen Sigma Data Technology Co., Ltd. is an enterprise mainly engaged in software and information technology service industry. Shenzhen Sigma Data Technology Co., Ltd. practical training teaching platform (to fish with the party) there is a directory traversal vulnerability, an attacker can use....

About the security content of macOS Monterey 12.7.3

About the security content of macOS Monterey 12.7.3 This document describes the security content of macOS Monterey 12.7.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly

Overview Two buffer overflow vulnerabilities were discovered in OpenSSL versions 3.0.0 through 3.0.6. These vulnerabilities were introduced in version 3.0.0 with the inclusion of support for punycode email address parsing for X.509 certificates. OpenSSL's assessment of the severity of the...

Debian: Security Advisory (DLA-1771-1)

The remote host is missing an update for the...

cuevana123.co Cross Site Scripting vulnerability OBB-3737743

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

openSUSE Security Update : the Linux Kernel (openSUSE-2020-1698)

The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' (bsc#1177724). CVE-2020-24490: Fixed a heap buffer...