34 matches found
CentralSquare CryWolf - Path Traversal
A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf False Alarm Management through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information. id: CVE-2024-45241 info:...
Hyperparameter Tuning-Based Optimized Performance Analysis of Machine Learning Algorithms for Network Intrusion Detection
Network Intrusion Detection Systems (NIDS) are essential for securing networks by identifying and mitigating unauthorized activities indicative of cyberattacks. As cyber threats grow increasingly sophisticated, NIDS must evolve to detect both emerging threats and deviations from normal behavior. Th...
EUVD-2019-4936
Malware in sbrugna...
EUVD-2022-50996
Malicious code in bioql PyPI...
CovertAuth: Joint Covert Communication and Authentication in MmWave Systems
Beam alignment (BA) is a crucial process in millimeter-wave (mmWave) communications, enabling precise directional transmission and efficient link establishment. However, due to characteristics like omnidirectional exposure and the broadcast nature of the BA phase, it is particularly vulnerable to...
Simultaneously Exposing and Jamming Covert Communications Via Disco Reconfigurable Intelligent Surfaces
Covert communications provide a stronger privacy protection than cryptography and physical-layer security (PLS). However, previous works on covert communications have implicitly assumed the validity of channel reciprocity, i.e., wireless channels remain constant or approximately constant during the...
CVE-2024-53097
In the Linux kernel, the following vulnerability has been resolved: mm: krealloc: Fix MTE false alarm in __do_krealloc This patch addresses an issue introduced by commit 1a83a716ec233 ("mm: krealloc: consider spare memory for __GFP_ZERO") which causes MTE (Memory Tagging Extension) to falsely report a...
CVE-2024-53097 mm: krealloc: Fix MTE false alarm in __do_krealloc
In the Linux kernel, the following vulnerability has been resolved: mm: krealloc: Fix MTE false alarm in __do_krealloc This patch addresses an issue introduced by commit 1a83a716ec233 ("mm: krealloc: consider spare memory for __GFP_ZERO") which causes MTE (Memory Tagging Extension) to falsely report a...
CVE-2024-53097
CVE-2024-53097 affects the Linux kernel mm/krealloc path. Connected sources confirm a patch for mm: krealloc: Fix MTE false alarm in __do_krealloc, addressing a false KASAN/MTE slab-out-of-bounds error triggered when zeroing spare memory in __do_krealloc. Root cause: memory tagging mismatch due t...
CVE-2024-53097
In the Linux kernel, the following vulnerability has been resolved: mm: krealloc: Fix MTE false alarm in __do_krealloc This patch addresses an issue introduced by commit 1a83a716ec233 ("mm: krealloc: consider spare memory for __GFP_ZERO") which causes MTE (Memory Tagging Extension) to falsely report a...
CVE-2024-45241
CVE-2024-45241 affects CentralSquare CryWolf (False Alarm Management); the vulnerability is a path traversal in GeneralDocs.aspx that allows unauthenticated attackers to read files outside the working web directory via the rpt parameter, leading to sensitive disclosures. The connected Nuclei temp...
CVE-2024-45241
A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf False Alarm Management through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information...
PT-2024-31499 · Centralsquare · Centralsquare Crywolf
Name of the Vulnerable Software and Affected Versions: CentralSquare CryWolf False Alarm Management versions prior to 2024-08-09 Description: A traversal vulnerability in GeneralDocs.aspx allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter,...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a false alarm in the USB usbfs...
A week in security (December 11 – December 17)
Last week on Malwarebytes Labs: PikaBot distributed via malicious search ads Chrome starts the countdown to the end of tracking cookies Apple to introduce new feature that makes life harder for iPhone thieves Recently-patched Apache Struts vulnerability used in worldwide attacks ALPHV ransomware...
“Amazon got hacked” messages are a false alarm
Amazon customers have been seeing a message on social media that has caused some alarm. Most of the posts look like one of these depending on the social media platform: “PSA!! Amazon got hacked. For USA based people, check your Amazon account. Hackers added HUB lockers as your default delivery...
CVE-2022-48296
The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices...
Design/Logic Flaw
The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices...
CVE-2022-48296
The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices...
Krisp: Log4j CVE-2021-44228
The researcher's canary token got DNS interaction, which raised a false sense of log4shell vulnerability. $hostName would be exfiltrated if any of the processing servers were vulnerable, but as seen in the video submitted by the researcher just a plain DNS resolving was made...