The vulnerability of the Intel Computing Improvement Program (Intel CIP) data collection tool, related to insufficient verification of input data, allows attackers to enhance their privileges.

The vulnerability of the data collection tool under the Intel Computing Improvement Program Intel CIP is related to insufficient testing of input data. Exploiting this vulnerability can allow attackers to enhance their privileges...

PT-2024-10612 · Touchpal · Touch Pal

Name of the Vulnerable Software and Affected Versions: Touch Pal application affected versions not specified Description: The issue concerns a wrong configuration in the Touch Pal application that can lead to the collection of user behavior data without the user's awareness. Recommendations: At t...

An air fryer, a ring, and a vacuum get brought into a home. What they take out is your data (Lock and Code S05E24)

This week on the Lock and Code podcast… The month, a consumer rights group out of the UK posed a question to the public that they’d likely never considered: Were their air fryers spying on them? By analyzing the associated Android apps for three separate air fryer models from three different...

CVE-2024-8074

Missing Authentication for Critical Function, Missing Authorization vulnerability in Nomysoft Informatics Nomysem allows Collect Data as Provided by Users. This issue affects Nomysem: before 13.10.2024...

CVE-2024-8074

Missing Authentication for Critical Function, Missing Authorization vulnerability in Nomysoft Informatics Nomysem allows Collect Data as Provided by Users. This issue affects Nomysem: before 13.10.2024...

Nomysoft Informatics Nomysem 安全漏洞

Nomysoft Informatics Nomysem is an application from Nomysoft Informatics, Inc. A security vulnerability exists in Nomysoft Informatics Nomysem versions prior to 13.10.2024 that stems from an improper privilege management vulnerability that allows collection of user-supplied data...

PT-2024-38788

Name of the Vulnerable Software and Affected Versions: Nomysem versions prior to 13.10.2024 Description: The issue is related to Improper Privilege Management, allowing the collection of data as provided by users. Recommendations: For versions prior to 13.10.2024, update to a version released aft...

The vulnerability of the Intel Computing Improvement Program’s data collection tool, related to insufficient verification of input data, allows a perpetrator to trigger a service failure.

The vulnerability of the data collection tool in the Intel Computing Improvement Program is related to insufficient testing of input data. Exploiting this vulnerability could allow an attacker to trigger a service failure...

The vulnerability of the data collection tool for Azure Monitor Agents from virtual machines and physical servers arises from incorrect handling of the link before accessing the file. This allows attackers to escalate their privileges.

The vulnerability of the data collection tool for Azure Monitor Agents, which are used for monitoring virtual machines and physical servers, is related to an incorrect definition of the link before accessing the file. Exploiting this vulnerability could allow an attacker to increase their...

Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information

A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs. The attack, codenamed CrossBarking , could have made it possible to conduct actions such as capturing screenshots, modifying browser settings, and accou...

The vulnerability of the LAquis SCADA data collection and process control tool, related to the lack of protective measures for the website structure, allows attackers to perform cross-site scripting attacks.

The vulnerability of the LAquis SCADA data collection and process control tool is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

Virtuozzo Hybrid Infrastructure 6.3 (6.3.0-170)

In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover the compute service and our ecosystem of backup and disaster recovery solutions. Additionally, this release delivers stability and security improvements, and addresses issues found in previous releases...

Virtuozzo Hybrid Infrastructure 6.2 Update 1 Hotfix 2 (6.2.1-66)

This update provides stability fixes. Vulnerability id: VSTOR-93320 Cannot update a cluster due to little free space on the boot partition. Vulnerability id: VSTOR-93349 During a cluster update, VM live migration may fail with the libvirt error. Vulnerability id: VSTOR-93365 Fixed detaching CD-RO...

CVE-2024-9987 SQL Injection in CSV Module Data Collection

A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agentsmodulescsv functionality. This issue affects Pandora FMS: from 700 through 777.3...

CVE-2024-9987 SQL Injection in CSV Module Data Collection

A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agentsmodulescsv functionality. This issue affects Pandora FMS: from 700 through 777.3...

Modern TVs have “unprecedented capabilities for surveillance and manipulation,” group reveals

Your television is debuting the latest, most captivating program: You. In a report titled “How TV Watches Us: Commercial Surveillance in the Streaming Era,” the Center for Digital Democracy CDD spotlighted a massive data-driven surveillance apparatus that ensnares the public through modern...

CVE-2024-6400

Cleartext Storage of Sensitive Information, Exposure of Sensitive Information Through Data Queries vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data, Authentication Bypass, IMAP/SMTP Command Injection, Collect Data from Common Resource Locations. This issue solved in...

Malicious Package

Overview google.fhir.r4.google is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between...

Malicious Package

Overview openai-bun-test is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...

Malicious Package

Overview asp.app is a malicious package. This package contains malicious code that collects sensitive information about the victim and sends it to the attacker's remote server. While this package might be attempting to impersonate a valid organization, there is no connection between that...