Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce

CVE-2024-34102 ★ Thanks to @th3gokul, Sanjaith3hacker, Chocapi...

PT-2024-29946 · Zoom · Zoom Sdks +3

Name of the Vulnerable Software and Affected Versions: Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers affected versions not specified Description: A buffer overflow issue may allow an authenticated user to conduct a denial of service via network access. This issue affects some Zo...

PT-2024-28685 · Zoom · Zoom Sdks +3

Name of the Vulnerable Software and Affected Versions: Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers affected versions not specified Description: The issue allows a privileged user to conduct an information disclosure via network access. This is related to sensitive information...

Fedora: Security Advisory (FEDORA-2024-4fcf85b0ff)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 39 Update: nss-3.103.0-1.fc39

Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...

SUSE: Security Advisory (SUSE-SU-2024:2868-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-38202

Summary Microsoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security VBS. However, an...

SQL Injection Vulnerability in Saber Enterprise Development Platform of Shanghai Breadtech Co.

Ltd. is a software technology-oriented enterprise with high-end software technology consulting and microservice technology architecture design as its main business. A SQL injection vulnerability exists in the Saber Enterprise Development Platform of Shanghai Breadtech Limited, which can be...

CrowdStrike Reveals Root Cause of Global System Outages

Cybersecurity company CrowdStrike has published its root cause analysis detailing the Falcon Sensor software update crash that crippled millions of Windows devices globally. The "Channel File 291" incident, as originally highlighted in its Preliminary Post Incident Review PIR, has been traced bac...

VulnCheck KEV: CVE-2024-29895

Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when registerargcargv option of PHP is On. In cmdrealtime.php line 119, the...

Stable Channel Update for Desktop

The Stable channel has been updated to 127.0.6533.99/.100 for Windows, Mac and 127.0.6533.99 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept...

Ryan Pentney reflects on 10 years of Talos and his many roles from the Sourcefire days

As the adage goes: "You dont know what you dont know." For Ryan Pentney and his team, they know what they dont know. And they wake up every morning trying to figure out how they can answer those questions about emerging threats and some of the largest state-sponsored actors in the world. Pentney ...

New Android Trojan "BlankBot" Targets Turkish Users' Financial Data

Cybersecurity researchers have discovered a new Android banking trojan called BlankBot targeting Turkish users with an aim to steal financial information. "BlankBot features a range of malicious capabilities, which include customer injections, keylogging, screen recording and it communicates with...

Wear OS Security Bulletin—August 2024Stay organized with collectionsSave and categorize content based on your preferences.

The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2024-08-05 or later from the August 2024 Android Security Bulletin in addition to all issues in this bulletin. We encourage all...

Education in Secure Software Development

The Linux Foundation and OpenSSF released a report on the state of education in secure software development. …many developers lack the essential knowledge and skills to effectively implement secure software development. Survey findings outlined in the report show nearly one-third of all...

SUSE: Security Advisory (SUSE-SU-2024:2681-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Celebrating Excellence: Rapid7 Recognized in Newsweek's Greatest Workplaces in America 2024

In a testament to its commitment to fostering an exceptional workplace environment, Rapid7 is proud to be included in Newsweek's Greatest Workplaces in America for 2024. This recognition not only underscores Rapid7's dedication to its people, but also cements its standing among companies that...

Spring Tips: Spring Security method security with special guest Rob Winch

Hi, Spring fans! In this installment I have special guest Spring Security lead Rob Winch give us a master class in how the method security support works and some of its new features. Come for the security, stay for the incredible opportunity to look over a senior engineer's shoulders as he explai...

Exploit for CVE-2024-39700

CVE-2024-39700 Proof of Concept Repositories created using th...

Dahua Security Cameras Improper Authentication (CVE-2017-9316)

Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device...