8752 matches found
Debian dla-3178 : ffmpeg - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3178 advisory. Debian LTS Advisory DLA-3178-1 [email protected] https://www.debian.org/lts/security/...
CVE-2022-39382 NODE_ENV in Keystone defaults to development with esbuild
Keystone is a headless CMS for Node.js — built with GraphQL and React. @keystone-6/[email protected] || 3.0.1 users that use NODE_ENV to trigger security-sensitive functionality in their production builds are vulnerable to NODE_ENV being inlined to "development" for user code, irrespective of what your...
PT-2022-6321 · Silicon +1 · Gecko Sdk +1
Name of the Vulnerable Software and Affected Versions: Micrium uC-HTTP version 3.01.01 Silicon Labs Gecko SDK affected versions not specified Description: The issue is related to a heap-based buffer overflow in the HTTP server functionality. This can be exploited by sending a specially crafted HT...
[SECURITY] Fedora 35 Update: php-8.0.25-1.fc35
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
Exploit for Out-of-bounds Write in Microsoft
CVE-2021-1732 CVE-2021-1732 Microsoft Windows 10 local privilege escalation vulnerability research and Po...
Denial of Service Vulnerability in Configuration King (CNVD-2022-83556)
Configuration King is an industrial automation configuration software produced by Beijing Asian Control Technology Development Co. A denial of service vulnerability exists in Configuration King, which can be exploited by an attacker to cause a process crash...
Denial of Service Vulnerability in Configuration King (CNVD-2022-78794)
Configuration King is an industrial automation configuration software produced by Beijing Asian Control Technology Development Co. A denial of service vulnerability exists in Configuration King, which can be exploited by an attacker to cause a process crash...
SUSE: Security Advisory (SUSE-SU-2022:3791-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ProtectMyTooling - Multi-Packer Wrapper Letting Us Daisy-Chain Various Packers, Obfuscators And Other Red Team Oriented Weaponry
Script that wraps around a multitude of packers, protectors, obfuscators, shellcode loaders, encoders, generators to produce complex protected Red Team implants. Your perfect companion in Malware Development CI/CD pipeline, helping watermark your artifacts, collect IOCs, backdoor and more...
Logical flaws in the electronic document security management system of Beijing Yisaitong Technology Development Co.
Electronic Document Security Management System is an electronic document security encryption software. There is a logic flaw vulnerability in the Electronic Document Security Management System of Beijing Yisaitong Technology Development Co., Ltd. that can be exploited by attackers to obtain...
SUSE: Security Advisory (SUSE-SU-2022:3718-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2022:3728-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2022:3707-1)
The remote host is missing an update for the...
XSS Vulnerability in Faculty Integration System of Hunan Qiangzhi Technology Development Co.
Hunan Qiangzhi Technology Development Co., Ltd. is an education informatization service provider. An XSS vulnerability exists in the Teaching Services Integration System of Hunan Qiangzhi Technology Development Co., Ltd., which can be exploited by attackers to obtain sensitive information such as...
Infographic: How CNAPP Consolidate Cybersecurity Tools
A cloud-native application protection platform (CNAPP) consolidates your security tools, helping development, DevOps, cloud, and security teams sort each piece and see the big picture...
SUSE: Security Advisory (SUSE-SU-2022:3672-1)
The remote host is missing an update for the...
OldGremlin Ransomware Targeted Over a Dozen Russian Entities in Multi-Million Scheme
A Russian-speaking ransomware group dubbed OldGremlin has been attributed to 16 malicious campaigns aimed at entities operating in the transcontinental Eurasian nation over the course of two and a half years. "The group's victims include companies in sectors such as logistics, industry, insurance...
Moderate: Red Hat Security Advisory: java-11-openjdk security and bug fix update
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
Social Engineering dos and don’ts
Another day, another success at sneaking into a building and pretending to be staff. I do so love drinking other people's expensive office coffee. No fruit bowls though. Close, but no banana. It got me thinking, again, about what makes for good social engineering (SE), and what advice would I give m...
Solve the Cloud-Native App Security Puzzle with CNAPP
Explore the value of integrating cloud-native application protection into security and development...