5461 matches found
AMD Secure Encrypted Virtualization Security Vulnerability
AMD Secure Encrypted Virtualization is a software application from AMD (USA) that provides hardware-accelerated memory encryption to protect data in use. A security vulnerability exists in AMD Secure Encrypted Virtualization TMR that stems from a failure to verify that the SEV-ES TMR is not in MMIO space,...
AMD SEV-legacy Security Vulnerability
AMD Secure Encrypted Virtualization is a software application from AMD (USA) that provides hardware-accelerated memory encryption to protect data in use. A security vulnerability exists in the AMD SEV-legacy firmware. An attacker could exploit the vulnerability to cause a loss of integrity or confidentiality of...
AMD Client Vulnerabilities – May 2022
Bulletin ID: AMD-SB-1027. Potential Impact: Varies by CVE, see descriptions below. Severity: Varies by CVE, see descriptions below. Summary: During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Secure Processor (ASP), AMD System Management Un...
AMD Server Vulnerabilities - May 2022
Bulletin ID: AMD-SB-1028. Potential Impact: Varies by CVE, see descriptions below. Severity: Varies by CVE, see descriptions below. Summary: During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Secure Processor (ASP), AMD System Management Un...
CVE-2022-30335
Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords in encrypted format from the Microsoft SQL Server component...
CVE-2022-30335
CVE-2022-30335 affects Bonanza Wealth Management System (BWM) 7.3.2. The vulnerability is a SQL injection in the login form, exploitable via the User Name textbox, which could enable an attacker to collect all passwords in encrypted format from the Microsoft SQL Server component. The connected do...
Wealth Management System Bonanza Wealth Management SQL Injection Vulnerability
Wealth Management System Bonanza Wealth Management System is a portfolio management analytics platform from Wealth Management System Ltd. A SQL injection vulnerability exists in Wealth Management System Bonanza Wealth Management System, which can be exploited by attackers to collect passwords in...
[SECURITY] Fedora 36 Update: golang-github-xordataexchange-crypt-0.0.2-11.20190412gitb2862e3.fc36
Store and retrieve encrypted configs from etcd or consul...
Design/Logic Flaw
A vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched and is available in release v0.12.1. We recommend that all users running self-hosted charm instances update immediately. This...
This New Fileless Malware Hides Shellcode in Windows Event Logs
A new malicious campaign has been spotted taking advantage of Windows event logs to stash chunks of shellcode for the first time in the wild. "It allows the 'fileless' last stage trojan to be hidden from plain sight in the file system," Kaspersky researcher Denis Legezo said in a technical write-...
CVE-2022-29180 Charm vulnerable to server-side request forgery (SSRF)
A vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched and is available in release v0.12.1. We recommend that all users running self-hosted charm instances update immediately. This...
PT-2022-19434 · Charm · Charm
Name of the Vulnerable Software and Affected Versions: charm versions prior to 0.12.1. Description: A vulnerability allows attackers to forge HTTP requests to manipulate the charm data directory, potentially accessing or deleting anything on the server. Encrypted user data uploaded to the Charm...
Mozilla: Incorrect security status shown after viewing an attached email
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue: when viewing an email message A that contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening and...
15.3 Million Request-Per-Second DDoS Attack
Cloudflare is reporting a large DDoS attack against an unnamed company "operating a crypto launchpad." While this isn't the largest application-layer attack we've seen, it is the largest we've seen over HTTPS. HTTPS DDoS attacks are more expensive in terms of required computational resources because...
Heroku Forces User Password Resets Following GitHub OAuth Token Theft
Salesforce-owned subsidiary Heroku on Thursday acknowledged that the theft of GitHub integration OAuth tokens further involved unauthorized access to an internal customer database. The company, in an updated notification, revealed that a compromised token was abused to breach the database and...
Fedora: Security Advisory for golang-github-xordataexchange-crypt (FEDORA-2022-5cbd6de569)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...