108 matches found
CVE-2024-26765
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Disable IRQ before initfn for nonboot CPUs Disable IRQ before initfn for nonboot CPUs when hotplug, in order to silence such warnings and also avoid potential errors due to unexpected interrupts: WARNING: CPU: 1 PID: 0...
CVE-2023-29051
CVE-2023-29051 affects Open-Xchange App Suite. User-defined OXMF templates could access a limited part of the internal Java API, with an ineffective default switch to disable template usage. This could allow unauthorized users to discover and modify application state, including objects tied to ot...
PT-2023-31140
Name of the Vulnerable Software and Affected Versions Hotel Management version 1.0 Description The issue concerns multiple authenticated Reflected Cross-Site Scripting vulnerabilities. Specifically, the children parameter of the "reservation.php" resource is copied into the HTML document as plain...
Design/Logic Flaw
Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be...
CVE-2023-26452
Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL...
CVE-2023-42456
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...
PT-2023-26107 · Geeklog · Geeklog
Name of the Vulnerable Software and Affected Versions: Geeklog version 2.2.2 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of "/admin/router.php" API endpoint. This enables the execution of...
PT-2023-6250 · Yifan · Yifan Yf325
Name of the Vulnerable Software and Affected Versions: Yifan YF325 version 1.0 20221108 Description: The issue is related to two heap-based buffer overflow vulnerabilities in the httpd manage post functionality. A specially crafted network request can lead to a heap buffer overflow, allowing an...
PT-2025-25909 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.17.0-rc2-syzkaller-00316-g0457e5153e0e Description: A vulnerability in the Linux kernel has been resolved, related to the udmabuf device. If the DMA mask is not set explicitly, a warning occurs when userspace...
PT-2022-17632 · Tcl · Tcl Linkhub Mesh Wi-Fi
Name of the Vulnerable Software and Affected Versions: TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14 Description: A stack-based buffer overflow vulnerability exists in the confsrv ucloud set node location functionality. This issue can be triggered by a specially-crafted network packet, leading to a...
Ransomware protection with Malwarebytes EDR: Your FAQs, answered!
We get a few questions about ransomware protection and how our Endpoint Detection and Response software can protect you from ransomware. In this post, our security experts answer some of your most frequently asked questions about ransomware and how our EDR can help—let’s get started. Q: When...
Ransomware protection with Malwarebytes EDR: Your FAQs, answered!
We get a few questions about ransomware protection and how our Endpoint Detection and Response software can protect you from ransomware. In this post, our security experts answer some of your most frequently asked questions about ransomware and how our EDR can help--lets get started. Q: When...
Simplifying the fight against ransomware: An expert explains
Fighting against ransomware can be difficult—especially if your organization has limited IT resources to begin with. But Adam Kujawa, security evangelist and director of Malwarebytes Labs, has a few tips for overburdened IT folks looking to simplify their fight against ransomware. In this post,...
PT-2022-3891 · Robustel · Robustel R1510
Name of the Vulnerable Software and Affected Versions: Robustel R1510 version 3.3.0 Description: The issue is related to command injection vulnerabilities in the web server's ajax endpoints functionalities. A specially-crafted network packet can lead to arbitrary command execution. The /ajax/set...
CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction
At the end of May, researchers from the naosec team reported a new zero-day vulnerability in Microsoft Support Diagnostic Tool MSDT that can be exploited using Microsoft Office documents. It allowed attackers to remotely execute code on Windows systems, while the victim could not even open the...
PT-2022-18880 · Sap · Sap Netweaver Abap Server +1
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver ABAP Server and ABAP Platform versions 740, 750, 787 Description: The issue allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked t...
Spring4Shell (CVE-2022-22965): details and mitigations
Last week researchers found the critical vulnerability CVE-2022-22965 in Spring – the open source Java framework. Using the vulnerability, an attacker can execute arbitrary code on a remote web server, which makes CVE-2022-22965 a critical threat, given the Spring frameworks popularity. By analog...
Trellix Global Defenders: Analysis and Protections for BlackByte Ransomware
Trellix Global Defenders: Analysis and Protections for BlackByte Ransomware By Taylor Mullins · February 28, 2022 BlackByte Ransomware has been in the news of late due to a successful attack against a National Football League NFL Franchise and a Joint Cybersecurity Advisory by the Federal Bureau ...
All Vulnerabilities for records.tceq.texas.gov Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| records.tceq.texas.gov ---|--- Open Bug...
PT-2022-12055 · Reolink · Reolink Rlc-410W
Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102 Description: A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The SetRec param...