Lucene search

37 matches found

CVE
added 3 hours ago | 6 views

CVE-2026-25659

Ericsson Packet Core Gateway (PCG) before version 1.30 is affected by an Improper Handling of Missing Values (CWE-230). A crafted message can be repeatedly sent to cause service degradation; impact persists while the attack continues and the system recovers once the attack stops. Remediation: upg...

7.1 CVSS | 5.4 AI score
Exploits 0 | References 1

Tenable Nessus
added 2024/09/10 12:0 a.m. | 12 views

Fortinet FortiClient (All) - Lack of client-side certificate validation using SAML SSO (FG-IR-22-230) (macOS)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-230 advisory. - An improper certificate validation vulnerability CWE-295 in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7,...

5.9 CVSS | 5.6 AI score | 0.00184 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2024/09/10 12:0 a.m. | 15 views

Fortinet FortiClient (All) - Lack of client-side certificate validation using SAML SSO (FG-IR-22-230)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-230 advisory. - An improper certificate validation vulnerability CWE-295 in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7,...

5.9 CVSS | 6 AI score | 0.00184 EPSS
Exploits 0 | References 2

RedhatCVE
added 2024/08/21 6:40 p.m. | 23 views

CVE-2022-48895

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Don't unregister on shutdown Michael Walle says he noticed the following stack trace while performing a shutdown with "reboot -f". He suggests he got "lucky" and just hit the correct spot for the reboot while ther...

5.5 CVSS | 6.8 AI score | 0.00006 EPSS
Exploits 0 | References 4

NVD
added 2024/06/19 5:15 p.m. | 36 views

CVE-2024-32030

Kafka UI is an Open-Source Web UI for Apache Kafka Management. Kafka UI API allows users to connect to different Kafka brokers by specifying their network address and port. As a separate feature, it also provides the ability to monitor the performance of Kafka brokers by connecting to their JMX...

8.1 CVSS | 0.81722 EPSS
Exploits 1 | References 3

Cvelist
added 2024/06/19 4:35 p.m. | 77 views

CVE-2024-32030 Remote code execution via JNDI resolution in JMX metrics collection in Kafka UI

Kafka UI is an Open-Source Web UI for Apache Kafka Management. Kafka UI API allows users to connect to different Kafka brokers by specifying their network address and port. As a separate feature, it also provides the ability to monitor the performance of Kafka brokers by connecting to their JMX...

8.1 CVSS | 0.81722 EPSS
Exploits 1 | References 3

Schneier on Security
added 2024/05/06 11:3 a.m. | 14 views

New Lawsuit Attempting to Make Adversarial Interoperability Legal

Lots of complicated details here: too many for me to summarize well. It involves an obscure Section 230 provision--and an even more obscure typo. Read this...

7.3 AI score
Exploits 0

CNNVD
added 2024/04/19 12:0 a.m. | 1 views

Unitronics Vision series PLCs Security Vulnerability

Unitronics Vision series PLCs are a series of PLCs from Unitronics, Inc. A security vulnerability exists in Unitronics Vision series PLCs that originates from a vulnerability that allows an attacker to retrieve message mode passwords without authentication. Affected products and versions:...

7.5 CVSS | 6.8 AI score | 0.00113 EPSS
Exploits 0 | References 3

Malwarebytes
added 2023/02/17 3:30 p.m. | 16 views

Two Supreme Court cases could change the Internet as we know it

The Supreme Court is about to reconsider Section 230, a law that's been the foundation of the way we have used the Internet for decades. The court will be handling a few cases that at first glance are about online platforms' liability for hosting accounts from foreign terrorists. But at a deeper...

0.3 AI score
Exploits 0

The Hacker News
added 2023/01/16 10:47 a.m. | 62 views

CISA Warns of Flaws Affecting Industrial Control Systems from Major Manufacturers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released several Industrial Control Systems (ICS) advisories warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens. The most severe of the flaws relate to Sewio's RTLS Studio...

10 CVSS | 1.3 AI score | 0.00715 EPSS
Exploits 0

Positive Technologies
added 2023/01/12 12:0 a.m. | 1 views

PT-2023-7518 · Sauter · Sauter Controls Nova 106 +2

Name of the Vulnerable Software and Affected Versions: SAUTER Controls Nova 200–220 Series versions 3.3-006 and prior SAUTER Controls Nova 230 versions affected versions not specified SAUTER Controls Nova 106 versions affected versions not specified BACnetstac version 4.2.1 and prior Description:...

9.8 CVSS | 8.9 AI score | 0.00255 EPSS
Exploits 0 | References 10

Malwarebytes
added 2023/01/10 3:0 p.m. | 14 views

US school district sues Facebook, Instagram, Snapchat, TikTok over harm to kids

Public schools in a Seattle district filed a lawsuit on Friday against parent companies of the biggest social networks on the internet, alleging social media is to blame for "a youth mental health crisis", and saying these companies have purposefully designed, refined, and operated their platform...

0.2 AI score
Exploits 0

Tenable Nessus
added 2022/12/09 12:0 a.m. | 43 views

Amazon Linux 2022 : ghostscript (ALAS2022-2022-230)

The version of ghostscript installed on the remote host is prior to 9.56.1-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-230 advisory. - A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of...

5.5 CVSS | 6.4 AI score | 0.00193 EPSS
Exploits 1 | References 3

ICS
added 2022/06/16 12:0 a.m. | 62 views

AutomationDirect DirectLOGIC with Serial Communication

1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Low attack complexity Vendor: AutomationDirect Equipment: DirectLOGIC with Serial Communication Vulnerability: Cleartext Transmission of Sensitive Information 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the original...

9.1 CVSS | 9.1 AI score | 0.00131 EPSS
Exploits 0 | References 4

CNVD
added 2021/11/12 12:0 a.m. | 20 views

Siemens Product WIBU Systems CodeMeter Runtime Denial of Service Vulnerability

PSSRCAPE is a transmission and distribution network protection simulation software. pssRE i is a power system simulation and analysis tool for transmission operation and planning. pssRODMS i is a transmission network modeling and analysis tool. sicam 230 is a scalable process control system for a...

7.1 CVSS | 6.8 AI score | 0.00078 EPSS
Exploits 0 | References 1

Malwarebytes
added 2021/01/04 3:52 p.m. | 33 views

A week in security (December 28 – January 3)

First off we would like to wish all our readers a happy and secure 2021! Last week on Malwarebytes Labs we presented an overview of developments in the SearchDimension hijackers, we looked at the most enticing cyberattacks of 2020, and we also looked back at the strangest cybersecurity events of...

0.7 AI score
Exploits 0

Schneier on Security
added 2020/03/13 11:20 a.m. | 45 views

The EARN-IT Act

Prepare for another attack on encryption in the U.S. The EARN-IT Act purports to be about protecting children from predation, but it's really about forcing the tech companies to break their encryption schemes: The EARN IT Act would create a "National Commission on Online Child Sexual Exploitation...

6.7 AI score
Exploits 0

Openbugbounty
added 2019/09/18 6:40 p.m. | 8 views

ec2-54-65-12-66.ap-northeast-1.compute.amazonaws.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-975874 Security Researcher MAS00712 Helped patch 230 vulnerabilities Received 4 Coordinated Disclosure badges Received 9 recommendations, a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting...

0.1 AI score
Exploits 0

OSV
added 2019/08/29 1:15 a.m. | 1 views

CVE-2019-13407

An XSS was found in Advan VD-1 firmware versions up to 230. VD-1 responds with a path error message when a requested resource is not found in page cgibin/ssi.cgi. This leads to a reflected XSS because the error message is not properly escaped...

6.1 CVSS | 6.2 AI score | 0.00419 EPSS
Exploits 1 | References 3

OSV
added 2019/08/29 1:15 a.m. | 1 views

CVE-2019-13408

A relative path traversal vulnerability was found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via the URL cgibin/ExportSettings.cgi?Download=filepath, without any authentication...

7.5 CVSS | 7.1 AI score
Exploits 0 | References 3