2352 matches found
CVE-2022-23091
CVE-2022-23091 relates to FreeBSD: memory sharing in the virtual memory system was mishandled, allowing an unprivileged local process to keep a page mapping after it is freed and read private data from other processes or the kernel. The advisory (FreeBSD-SA-22:11.vm) and VuXML entry describe the issu...
CVE-2023-39425
Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable escalation of privilege via local access...
SAP Master Data Governance Security Vulnerability
SAP Master Data Governance is a suite of data management tools from SAP Germany for maintaining, validating, and distributing master data. An authorization issue vulnerability exists in SAP Master Data Governance for Material Data, which stems from a failure to perform the required authorization...
CVE-2024-0596
The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editorhtml function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with...
CVE-2024-24830
OpenObserve is an observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been identified in the "/api/{org_id}/users" endpoint. This vulnerability allows any authenticated regular user 'member' to add new users with...
Design/Logic Flaw
OpenObserve is an observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been identified in the "/api/{org_id}/users" endpoint. This vulnerability allows any authenticated regular user 'member' to add new users with...
CVE-2024-24830 OpenObserve Privilege Escalation Vulnerability in Users API
OpenObserve is an observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been identified in the "/api/{org_id}/users" endpoint. This vulnerability allows any authenticated regular user 'member' to add new users with...
CVE-2024-24830
CVE-2024-24830 affects OpenObserve. The vulnerability lies in the "/api/{org_id}/users" endpoint, where the payload allows an authenticated regular user (member) to create new users with elevated privileges, including the root role. The root cause is that the user creation process does not valida...
Arbitrary File Read Vulnerability in Data Leakage Protection (DLP) System of Beijing Yisetong Technology Development Co.
The Data Leakage Protection (DLP) system is aimed at serving enterprises and institutions for data asset grooming and data security protection. The Data Leakage Protection (DLP) system of Beijing Yisetong Technology Development Co., Ltd. has an arbitrary file reading vulnerability, which can be exploited by...
EventPrime < 3.4.0 - Improper Input Validation via save_event_booking
Description: The EventPrime plugin for WordPress is vulnerable to unauthorized modification of data due to improper input validation in the 'save_event_booking' function in versions up to, and including, 3.3.9. This makes it possible for unauthenticated attackers to modify the price and other...
CFPB’s Proposed Data Rules
In October, the Consumer Financial Protection Bureau (CFPB) proposed a set of rules that, if implemented, would transform how financial institutions handle personal data about their customers. The rules put control of that data back in the hands of ordinary Americans, while at the same time undermini...
Approaching Complex Data Security for Small Businesses
By Waqas. Small businesses are faced with unique challenges in terms of data security. You don’t have the vast resources… This is a post from HackRead.com. Read the original post: Approaching Complex Data Security for Small Businesses...
CVE-2023-40550
An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase...
PT-2024-1423
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.28. Description: The issue is related to an integer overflow in the raid5 cache count function of the Linux kernel's RAID driver. This can potentially allow an attacker to impact the confidentiality, integrity,...
Data Security: Leveraging AI for Enhanced Threat Detection and Prevention
By Uzair Amir. In today’s ever-evolving cyberspace, organizations face an ever-increasing number of cyber threats. Malicious actors are constantly seeking to… This is a post from HackRead.com. Read the original post: Data Security: Leveraging AI for Enhanced Threat Detection and Prevention...
CVE-2024-23203
CVE-2024-23203 affects Apple Shortcuts on macOS Sonoma 14.3, iOS 17.3, and iPadOS 17.3. A shortcut may access sensitive data via certain actions without prompting the user. Root cause: insufficient permissions checks; fixed by additional permissions checks. Remediation: update to macOS Sonoma 14....
Microsoft at Legalweek: Secure data and gain efficiencies with Microsoft Purview eDiscovery enhanced by generative AI
The legal profession is known for being cautious or hesitant to adopt new technologies. However, when it comes to AI, it seems like legal professionals are ready to be on the leading edge of AI implementation. A Thomson Reuters survey of legal professionals found that 82% agree that AI can be...
Are You Ready for PCI DSS 4.0?
The Payment Card Industry Data Security Standard (PCI DSS) is the global benchmark for ensuring companies that handle credit card information maintain a secure environment. It provides a framework to help organizations protect sensitive cardholder data from theft and secure payment card systems. In...
Mastering AI Risks: Navigating the NIST AI RMF Core with Coalfire
This article delves into mastering AI risks through the application of the NIST AI Risk Management Framework (RMF) Core. It emphasizes the importance of understanding and mitigating the multifaceted risks associated with AI, from ethical dilemmas to data security, and introduces Coalfire's tailored...
CVE-2023-45234
EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or...