228 matches found
CVE-2025-49489
Improper Resource Shutdown or Release vulnerability in ASR FalconLinux、Kestrel、LapwingLinux on Linux conmgr components allows Resource Leak Exposure. This vulnerability is associated with program files conmgr/dialertask.C. This issue affects FalconLinux、Kestrel、LapwingLinux: before v1536...
Asrmicro ASR Series 安全漏洞
The Asrmicro ASR Series is a series of chips from China's Avantage Technology Asrmicro. A security vulnerability exists in Asrmicro ASR Series, which originates from an improper resource release in the dialertask.C file in the conmgr component, which could lead to a resource leak...
CVE-2021-22807
A CWE-787: Out-of-bounds Write vulnerability exists that could cause arbitrary code execution when a malicious .gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 Build 683.003 and prior...
CVE-2021-38111
The DEF CON 27 badge allows remote attackers to exploit a buffer overflow by sending an oversized packet via the NFMI Near Field Magnetic Induction protocol...
Cybersecurity communities. Small hacker groups, big impact
TL;DR Cybersecurity communities and groups are an excellent opportunity to network and learn There are OWASP, DEF CON, 2600, university hacking societies, Meetup communities and more to choose from They provide workshops, talks, and practical learning opportunities benefiting both newcomers and...
SUSE CVE-2024-53203
In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential array underflow in ucsiccgsynccontrol The "command" variable can be controlled by the user via debugfs. The worry is that if conindex is zero then "&uc-ucsi-connectorconindex - 1" would be an array...
AZL-55788 CVE-2024-53203 affecting package kernel for versions less than 5.15.184.1-1
In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential array underflow in ucsiccgsynccontrol The "command" variable can be controlled by the user via debugfs. The worry is that if conindex is zero then "&uc-ucsi-connectorconindex - 1" would be an array...
AZL-55733 CVE-2024-53203 affecting package kernel for versions less than 6.6.90.1-1
In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential array underflow in ucsiccgsynccontrol The "command" variable can be controlled by the user via debugfs. The worry is that if conindex is zero then "&uc-ucsi-connectorconindex - 1" would be an array...
UBUNTU-CVE-2024-53203
In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential array underflow in ucsiccgsynccontrol The "command" variable can be controlled by the user via debugfs. The worry is that if conindex is zero then "&uc-ucsi-connectorconindex - 1" would be an array...
DEBIAN-CVE-2024-50076
In the Linux kernel, the following vulnerability has been resolved: vt: prevent kernel-infoleak in confontget font.data may not initialize all memory spaces depending on the implementation of vc-vcsw-confontget. This may cause info-leak, so to prevent this, it is safest to modify it to initialize...
AZL-52089 CVE-2024-50076 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: vt: prevent kernel-infoleak in confontget font.data may not initialize all memory spaces depending on the implementation of vc-vcsw-confontget. This may cause info-leak, so to prevent this, it is safest to modify it to initialize...
UBUNTU-CVE-2024-50076
In the Linux kernel, the following vulnerability has been resolved: vt: prevent kernel-infoleak in confontget font.data may not initialize all memory spaces depending on the implementation of vc-vcsw-confontget. This may cause info-leak, so to prevent this, it is safest to modify it to initialize...
CVE-2024-10337
A vulnerability classified as critical has been found in SourceCodeHero Clothes Recommendation System 1.0. Affected is an unknown function of the file /admin/home.php?con=add. The manipulation of the argument cat/subcat/ t1/t2/text leads to sql injection. It is possible to launch the attack...
Root Access for Data Control: A DEF CON IoT Village Story
Every year, Rapid7 is a presenter at DEF CON’s IoT Village, sharing in-depth insight and expertise into the hacking of all things Internet of Things. This year, our perennial IoT hacking presenter, Principal Security Researcher, IoT, Deral Heiland, along with Rapid7 pentest team members, showed...
Malicious code in telegram-con (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c4423698d3e9c78a69cbb237d0f5e731fc3d3cb87d359523298398d8ef719c8f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8050 Malicious code in telegram-con (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c4423698d3e9c78a69cbb237d0f5e731fc3d3cb87d359523298398d8ef719c8f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-WQ9X-QWCQ-MMGF Diesel vulnerable to Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
The following presentation at this year's DEF CON was brought to our attention on the Diesel Gitter Channel: SQL Injection isn't Dead: Smuggling Queries at the Protocol Level Archive link for posterity. Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to...
Researchers Uncover 10 Flaws in Google's File Transfer Tool Quick Share
As many as 10 security flaws have been uncovered in Google's Quick Share data transfer utility for Android and Windows that could be assembled to trigger remote code execution RCE chain on systems that have the software installed. "The Quick Share application implements its own specific...
Metasploit Weekly Wrap-Up 08/09/2024
Black Hat & DEF CON Hopefully folks were able to catch our Rapid7 researchers @zeroSteiner & Jack Heysel show off the Metasploit 6.4's features, focusing on combinations that allow for new, streamlined attack workflows at Black Hat. If not they will also be demoing at DEF CON tomorrow in room W30...
The top stories coming out of the Black Hat cybersecurity conference
Over the next two weeks, two of the largest cybersecurity conferences in the world will take place in Las Vegas: Black Hat and DEF CON. That means product announcements, buzzwords and stories about "X smart appliance could burn your house down!" or something like that. Over the next two weeks, Il...