250 matches found
CVE-2024-20259
A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. This vulnerability is due to a crafted IPv4 DHCP request packet being mishandle...
Cisco IOS XE Software DHCP Snooping with Endpoint Analytics Denial of Service Vulnerability
A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. This vulnerability is due to a crafted IPv4 DHCP request packet being mishandle...
PT-2024-13337 · Ibm · Ibm Sterling Secure Proxy
Name of the Vulnerable Software and Affected Versions: IBM Sterling Secure Proxy versions 6.0.3 through 6.1.0 Description: The issue concerns the failure to set the secure attribute on authorization tokens or session cookies. Attackers may exploit this by sending a http:// link to a user or by...
CVE-2023-42016
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the...
Ski & bike helmets protect your head, not location or voice
TL;DR Livall smart ski and bike helmet app leaks the wearers real time position Group audio chat allows snooping on conversations Both issues are due to missing authorisation Bike app affects 1 million users, ski app affects a few thousand users Fixed by the vendor, but after we had to call on a...
Vulnerabilities in EDK2 NetworkPkg IP stack implementation.
Overview Multiple vulnerabilities were discovered in the TCP/IP stack NetworkPkg of Tianocore EDKII, an open source implementation of Unified Extensible Firmware Interface UEFI. Researchers at Quarkslab have identified a total of 9 vulnerabilities that if exploited via network can lead to remote...
Mobile malware analysis for the BBC
This is a version of our report referenced in the Helping a mobile malware fraud victim blog post, with all sensitive information removed. Summary One malicious application was identified on the device, and evidence identified during the examination strong suggests though this cannot be confirmed...
CVE-2023-6660
When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever...
Design/Logic Flaw
When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever...
CVE-2023-6660 NFS client data corruption and kernel memory disclosure
When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever...
A week in security (December 4 – December 10)
Last week on Malwarebytes Labs: Meta’s Purple Llama wants to test safety risks in AI models US government is snooping on people via phone push notifications, says senator Android phones can be taken over remotely – update when you can How IT teams can conduct a vulnerability assessment for...
Authorization
IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the...
Defeating Little Brother requires a new outlook on privacy: Lock and Code S04E23
This week on the Lock and Code podcast… A worrying trend is cropping up amongst Americans, particularly within Generation Z—theyre spying on each other more. Whether reading someones DMs, rifling through a partners text messages, or even rummaging through the bags and belongings of someone else,...
Cisco NX-OS Software Internet Group Management Protocol Snooping Remote Code Execution and Denial of Service (CVE-2018-0292)
A vulnerability in the Internet Group Management Protocol IGMP Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in...
CVE-2023-33847
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a sit...
Authorization
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a sit...
Amazon fined $31 million over privacy breaches, including snooping on kids
By Habiba Rashid The case involves Amazon's settlement with the FTC over security and privacy violations committed by its subsidiaries, Ring and Alexa. This is a post from HackRead.com Read the original post: Amazon fined $31 million over privacy breaches, including snooping on kids...
K16845: MySQL vulnerability CVE-2015-3152
Security Advisory Description An unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.7.2 and earlier allows an attacker to downgrade MySQL SSL/TLS connections, snoop database queries and results, or directly manipulate database contents. CVE-2015-3152 Impact Although the...
SUSE CVE-2004-0634
The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service process crash via a handle without a policy name, which causes a null dereference...
A Destabilizing Hack-and-Leak Operation Hits Moldova
Plus: Google’s location snooping ends in a $391 million settlement, Russian code sneaks into US government apps, and the World Cup apps set off alarms...