EUVD-2013-7087

Malware in sbrugna...

Improper Authorization in Select Permissions

Due to the order in which permissions were processed, some statements, filters and computations could lead to leaking field values or record contents to users without the required permissions. This behavior could be triggered in different scenarios: - When performing a SELECT operation on a table...

kernel: Fix of 7 CVEs

KVM: nSVM: avoid picking up unsupported bits from L2 in intctl CVE-2021-3653 CVE-2021-3653 - xen/netfront: fix leaking data in shared pages CVE-2022-33740 - xfs: fix up non-directory creation in SGID directories CVE-2021-4037 - netsched: clsroute: remove from list when handle is 0 CVE-2022-2588 -...

kernel: Fix of 7 CVEs

KVM: nSVM: avoid picking up unsupported bits from L2 in intctl CVE-2021-3653 CVE-2021-3653 - xen/netfront: fix leaking data in shared pages CVE-2022-33740 - xfs: fix up non-directory creation in SGID directories CVE-2021-4037 - netsched: clsroute: remove from list when handle is 0 CVE-2022-2588 -...

CVE-2021-34121

An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function parsetree in toc.cxx, this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution...

CVE-2023-0459

A vulnerability was found in copyfromuser in 64-bit versions of the Linux kernel. This flaw allows a local attacker to bypass the "accessok" sanity check and pass a kernel pointer to copyfromuser, resulting in kernel data leaking. Mitigation Mitigation for this issue is either not available or th...

CVE-2022-0462

Inappropriate implementation in Scroll in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVE-2021-38022

Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Last week cybercriminals deployed ransomware to 1,500 organizations, including many that provide IT security and technical support to other companies. The attackers exploited a vulnerability in software from Kaseya, a Miami-based company whose products help system administrators manage large...

VideoBytes: Is it goodbye forever to Maze ransomware?

Hello Folks! In this Videobyte we’re talking about Maze ransomware and whether or not its shutting down, and what that means for the cybercrime world. The notorious Maze ransomware group, known for its corporate targeting and data leaking extortion schemes is, apparently, shutting down operations...

Weblate: Information Disclosure on demo.weblate.org

Description The demo instance, located on https://demo.weblate.org is leaking user's IP-adresses in the Activity log. F185728 Impact The authenticated user can disclose valid IP adresses of other users through Activity log. The feature works as it should so no changes should be made on the GitHub...

DLA-342-1 openafs - security update

Bulletin has no description...

Charter Communications Fixes Data Leaking Vulnerability

Internet-cable-television provider Charter Communications recently fixed an issue with its website that was inadvertently leaking the information of tens of thousands of customers. Customers’ payment details, modem serial numbers, device names, account numbers, home addresses, were being spilled...

FTC: P2P Networks Rife With Leaked ID Data

The Federal Trade Commission today finally voiced concern about the long-known problem of data leaking into criminal hands via LimeWire, BearShare, Kazaa and dozens of other peer-to-peer p2p file sharing networks. The FTC put nearly 100 companies and agencies on notice that their employees appear...