CVE-2024-47265

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in encrypted share umount functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users to write specific files via unspecified vector...

[SECURITY] Fedora 40 Update: krb5-1.21.3-3.fc40

Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted form...

CVE-2024-47265

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in encrypted share umount functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users to write specific files via unspecified vector...

CVE-2024-47265

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in encrypted share umount functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users to write specific files via unspecified vector...

Apple ordered to grant access to users’ encrypted data

Last week, an article in the Washington Post revealed the UK had secretly ordered Apple to provide blanket access to protected cloud backups around the world. Since then, privacy focused groups have uttered their objections. The UK government has demanded to be able to access encrypted data store...

SystemBC RAT Now Targets Linux, Spreading Ransomware and Infostealers

SystemBC RAT now targets Linux, enabling ransomware gangs like Ryuk & Conti to spread, evade detection, and maintain encrypted C2 traffic for stealthy cyberattacks...

An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.

...

Astra Linux – Vulnerability in Thunderbird

Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird versions earlier than 128.4.3 and Thunderbird version 132.0.1...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Handle protected guests properly in completehypercallexit Use is64bithypercall instead of is64bitmode to detect a 64-bit hypercall when completing said hypercall. For guests with protected state, e.g., SEV-ES and SEV-SN...

AMD Server Processor 安全漏洞

AMD Server Processor is a processor product for the server market from UltraMicro Semiconductor AMD that is primarily used in data centers, cloud computing, and high-performance computing. A security vulnerability exists in AMD Server Processor that stems from the improper handling of invalid...

SolarWinds Web Help Desk 安全漏洞

SolarWinds Web Help Desk is a suite of help desk and asset management software from US-based SolarWinds. The software supports centralized knowledge base, IT asset management, project and task management, and other features. A security vulnerability exists in SolarWinds Web Help Desk versions pri...

AMD Server Processor Vulnerabilities – February 2025

AMD ID: AMD-SB-3009 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in the AMD Secure Processor ASP, AMD Secure Encrypted Virtualization SEV, AMD Secure Encrypted Virtualization – Secure Nested Paging SEV-SN...

Improper Validation of Specified Quantity in Input

Overview io.netty:netty-handler is a library that provides an asynchronous event-driven network application framework and tools for rapid development of maintainable high performance and high scalability protocol servers and clients. In other words, Netty is a NIO client server framework which...

UK Secret Order Demands That Apple Give Access to Users’ Encrypted Data

Plus: Benjamin Netanyahu gives Donald Trump a golden pager, Hewlett Packard Enterprise blames Russian government hackers for a breach, and more...

[SECURITY] Fedora 41 Update: rust-sevctl-0.6.0-4.fc41

Administrative utility for AMD SEV...

The vulnerability of the JetBrains YouTrack project and task management software interface allows a hacker to obtain the user’s encrypted credentials.

The vulnerability of the JetBrains YouTrack project and task management software interface relates to the disclosure of information through registration files. Exploiting this vulnerability can allow attackers to obtain encrypted user credentials...

Keycloak on Quarkus CLI option for encrypted JGroups ignored

The env option KCCACHEEMBEDDEDMTLSENABLED does not work and the jgroups replication configuration is always used in plain. This option worked before in 24 and 22. More info in public issue https://github.com/keycloak/keycloak/issues/34644...

CVE-2022-31122

Wire is an encrypted communication and collaboration platform. Versions prior to 2022-07-12/Chart 4.19.0 are subject to Token Recipient Confusion. If an attacker has certain details of SAML IdP metadata, and configures their own SAML on the same backend, the attacker can delete all SAML...

CVE-2019-19282

A vulnerability has been identified in OpenPCS 7 V8.1 All versions, OpenPCS 7 V8.2 All versions, OpenPCS 7 V9.0 All versions V9.0 Upd3, SIMATIC BATCH V8.1 All versions, SIMATIC BATCH V8.2 All versions V8.2 Upd12, SIMATIC BATCH V9.0 All versions V9.0 SP1 Upd5, SIMATIC NET PC Software V14 All...

CVE-2024-7763

In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials...