771 matches found
USN-7592-1: Linux kernel vulnerabilities
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. CVE-2024-8805 It was discovered that the CIFS network file system...
The vulnerability of the software for configuring and setting up Universal Relay (UR) devices from GE Vernova Enervista UR Setup lies in the authentication procedures’ deficiencies, which allow attackers to influence the integrity of the protected information.
The vulnerability of the software for configuring and setting up devices of the Universal Relay UR series from GE Vernova Enervista UR Setup is related to deficiencies in the authentication process. Exploiting this vulnerability could allow attackers to compromise the integrity of the protected...
The vulnerability of the IBM Verify Identity Access Digital Credentials access control system lies in the shortcomings of its error reporting mechanism, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the IBM Verify Identity Access Digital Credentials access control system is related to deficiencies in the error reporting mechanism. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
Open Source, Open Threats? Investigating Security Challenges in Open-Source Software
Open-source software OSS has become increasingly more popular across different domains. However, this rapid development and widespread adoption come with a security cost. The growing complexity and openness of OSS ecosystems have led to increased exposure to vulnerabilities and attack surfaces...
The vulnerability of the Task Scheduler in Windows operating systems allows a malicious individual to escalate their privileges.
The vulnerability of the Task Scheduler in Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the Local Security Authority (LSA) service on Windows operating systems allows a perpetrator to trigger a service failure.
The vulnerability of the Local Security Authority LSA service on Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to cause a service failure...
No CWE? No Excuse. Why Classification Gaps Are a Hacker’s Dream
Running short on time but still want to stay in the know? Well, we’ve got you covered! We’ve condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Click right here to hear it all on CAASM & CDMB Inefficiencies! In cybersecurity, we obsess over...
The vulnerability of the Update Handler component in Mozilla Firefox, Mozilla Firefox ESR, and the Mozilla Thunderbird email client allows a hacker to escalate their privileges.
The vulnerability of the Update Handler component in Mozilla Firefox, Mozilla Firefox ESR, and the email client Mozilla Thunderbird is related to access control deficiencies. Exploiting this vulnerability can allow an attacker to enhance their privileges remotely...
Vulnerabilities of operating systems visionOS, iOS, iPadOS, tvOS, and macOS, related to deficiencies in authentication mechanisms, allow attackers to circumvent existing security restrictions.
The vulnerability of the visionOS operating system is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows an attacker to circumvent existing security restrictions...
USN-7550-5: Linux kernel (NVIDIA) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Sun RPC protocol; CVE-2024-56608, CVE-2024-56551, CVE-2024-53168...
The vulnerability of the ViewState mechanism of the ConnectWise ScreenConnect remote access software allows a perpetrator to execute arbitrary code.
The vulnerability of the ViewState mechanism of the ConnectWise ScreenConnect remote access software lies in the deficiencies of the authentication process. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted ViewState request...
Devolutions Server 访问控制错误漏洞
Devolutions Server is an application from Devolutions Canada Inc. which provides a full-featured shared account and password management solution. An Access Control Error vulnerability exists in Devolutions Server version 2025.1.7.0 and prior versions, which stems from improper access control for...
CVE-2023-41928
The device is observed to accept deprecated TLS protocols, increasing the risk of cryptographic weaknesses...
CVE-2023-41927
The server supports at least one cipher suite which is on the NCSC-NL list of cipher suites to be phased out, increasing the risk of cryptographic weaknesses...
CVE-2021-27501
Philips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities...
CVE-2021-37059
There is a Weaknesses Introduced During Design...
CVE-2020-27020
Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information for example, time of password generation...
CVE-2019-8113
Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration...
VMware ESXi和VMware vCenter Server 安全漏洞
VMware ESXi and VMware vCenter Server are both products of VMware, Inc.VMware ESXi is a server virtualization platform that can be installed directly on physical servers.VMware vCenter Server is a suite of server and virtualization management software. The software provides a centralized platform...
Side Channel Analysis in Homomorphic Encryption
Homomorphic encryption provides many opportunities for privacy-aware processing, including with methods related to machine learning. Many of our existing cryptographic methods have been shown in the past to be susceptible to side channel attacks. With these, the implementation of the cryptographi...