Control de Ciber resource management error vulnerability
Control de Ciber is open-source network control software from Ciber Control. A security vulnerability exists in Control de Ciber. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the vendor's announcement...
Developer Sabotages Open-Source Software Package
This is a big deal: A developer has been caught adding malicious code to a popular open-source package that wiped files on computers located in Russia and Belarus as part of a protest that has enraged many users and raised concerns about the safety of free and open source software. The applicatio...
A Developer Altered Open Source Software to Wipe Files in Russia
The author of a popular application pushed out an update containing malicious code in an effort to sabotage computers in the country...
FUXA code issue vulnerability
FUXA is an open source web-based process visualization SCADA/HMI/Dashboard software. A security vulnerability exists in FUXA 1.1.3 that originates from obtaining sensitive information from the server's internal environment and services, which could typically lead to an attacker executing commands...
LIVE Webinar: Key Lessons Learned from Major Cyberattacks in 2021 and What to Expect in 2022
With the COVID-19 pandemic continuing to impact, and perhaps permanently changing, how we work, cybercriminals again leveraged the distraction in new waves of cyberattacks. Over the course of 2021 we saw an increase in multiple attack approaches; some old, some new. Phishing and ransomware...
Gerbv RS-274X aperture macro outline primitive out-of-bounds read vulnerability
Summary An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev commit b5f1eacd and the forked version of Gerbv commit d7f42a9a. A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a...
SentryPeer - A Distributed Peer To Peer List Of Bad Actor IP Addresses And Phone Numbers Collected Via A SIP Honeypot
A distributed list of bad actor IP addresses and phone numbers collected via a SIP Honeypot. Introduction This is basically a fraud detection tool. It lets bad actors try to make phone calls and saves the IP address they came from and number they tried to call. Those details are then used to bloc...
CVE-2022-23600 Limited ability to spoof SAML authentication with missing audience verification
Fleet is an open source device management platform built on osquery. Versions prior to 4.9.1 expose a limited ability to spoof SAML authentication with missing audience verification. This impacts deployments using SAML SSO in two specific cases: 1. A malicious or compromised Service Provider SP could reu...
CVE-2022-21741 Division by zero in TFLite
Tensorflow is an Open Source Machine Learning Framework. Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to...
The Log4j Vulnerability Puts Pressure on the Security World
It’s not my intention to be alarmist about the Log4j vulnerability CVE-2021-44228, known as Log4Shell, but this one is pretty bad. First of all, Log4j is a ubiquitous logging library that is very widely used by millions of computers. Second, the director of the U.S. Cybersecurity & Infrastructure...
Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days
Microsoft has addressed a total of 97 security vulnerabilities in its January 2022 Patch Tuesday update – nine of them rated critical – including six that are listed as publicly known zero-days. The fixes cover a swath of the computing giant’s portfolio, including: Microsoft Windows and Windows...
Catfish CMS cross-site request forgery vulnerability
Catfish CMS is an open source web content management system. A cross-site request forgery vulnerability exists in Catfish CMS. No detailed vulnerability details are currently available...
YetiForceCrm cross-site request forgery vulnerability
YetiForceCrm is an open source CRM system from the Polish company YetiForce. YetiForceCrm suffers from a cross-site request forgery vulnerability, for which no detailed vulnerability details are currently available...
Gerbv RS-274X format aperture macro variables out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev commit b5f1eacd and the forked version of Gerbv commit 71493260. A specially-crafted Gerber file can lead to code execution. An attacker can provide a maliciou...
Discourse Information Disclosure Vulnerability
Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. Discourse suffers from an information disclosure vulnerability that stems from the fact that a maliciously crafted request may result in an intermediate proxy cache...
ALSA-2021:4256 Moderate: graphviz security update
Graphviz is open-source graph-visualization software. Graph visualization is a way of representing structural information as diagrams of abstract graphs and networks. It has important applications in networking, bioinformatics, software engineering, database and web design, machine learning, and ...
Gerbv drill format T-code tool number out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev commit b5f1eacd, and the forked version of Gerbv commit 71493260. A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to...
Tubitak Ulakbim LiderAhenk Software access control error vulnerability
Tubitak Ulakbim LiderAhenk Software is an open source software system from the Turkish National Center for Academic Networks and Knowledge Tubitak Ulakbim company. It is used for centralized management, monitoring and control of systems and users on corporate networks. A security vulnerability...
CrowdSec - An Open-Source Massively Multiplayer Firewall Able To Analyze Visitor Behavior And Provide An Adapted Response To All Kinds Of Attacks
CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It stacks on fail2ban's philosophy but is IPv6 compatible and 60x faster (Go vs. Python), uses Grok patterns to parse logs and YAML scenarios to identify behaviors. CrowdSec is engineere...
Security at Scale in the Open-Source Supply Chain
“We’ve all heard of paying it forward, but this is ridiculous!” That’s probably what most of us think when one of our partners or vendors inadvertently leaves an open door into our shared supply-chain network; an attacker can enter at any time. Well, we probably think in slightly more...