Lucene search
K

141 matches found

schneier
schneier
added 2022/07/20 3:32 p.m.12 views

Russia Creates Malware False-Flag App

The Russian hacking group Turla released an Android app that seems to aid Ukrainian hackers in their attacks against Russian networks. Its actually malware, and provides information back to the Russians: The hackers pretended to be a "community of free people around the world who are fighting...

1.5AI score
Exploits0
cnnvd
cnnvd
added 2022/03/25 12:0 a.m.4 views

zlib 缓冲区错误漏洞

zlib is a general-purpose data compression library by Mark Adler, an individual developer in the United States. A buffer error vulnerability exists in zlib version 1.2.11, which stems from a possible memory corruption during compression if the input has many far matches...

7.5CVSS7.3AI score0.52063EPSS
Exploits1References129
schneier
schneier
added 2022/03/04 10:4 p.m.12 views

Friday Squid Blogging: Far Side Cartoon

Squid, of course. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.8AI score
Exploits0
redhat
redhat
added 2022/01/27 2:11 p.m.6 views

OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Keytool. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

5.3CVSS6.9AI score0.05241EPSS
Exploits0References4
schneier
schneier
added 2021/12/10 10:5 p.m.16 views

Friday Squid Blogging: The Far Side Squid Comic

The Far Side is always good for a squid reference. Heres a recent one. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1.1AI score
Exploits0
cnvd
cnvd
added 2021/11/04 12:0 a.m.20 views

WordPress Far Future Expiry Header plugin cross-site request forgery vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers.The WordPress Far Future Expiry Header plugin is vulnerable to cross-site request forgery, which stems from the lack of a vali...

4.3CVSS1.7AI score0.00453EPSS
Exploits2References1
osv
osv
added 2021/11/01 9:15 a.m.3 views

CVE-2021-24799

The Far Future Expiry Header WordPress plugin before 1.5 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS5.8AI score0.00453EPSS
Exploits2References1
nvd
nvd
added 2021/11/01 9:15 a.m.26 views

CVE-2021-24799

The Far Future Expiry Header WordPress plugin before 1.5 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS0.00453EPSS
Exploits2References1
prion
prion
added 2021/11/01 9:15 a.m.13 views

Cross site request forgery (csrf)

The Far Future Expiry Header WordPress plugin before 1.5 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS4.5AI score0.00453EPSS
Exploits2References1Affected Software1
cvelist
cvelist
added 2021/11/01 8:46 a.m.26 views

CVE-2021-24799 Far Future Expiry Header < 1.5 - Plugin's Settings Update via CSRF

The Far Future Expiry Header WordPress plugin before 1.5 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.9AI score0.00453EPSS
Exploits2References1
cve
cve
added 2021/11/01 8:46 a.m.47 views

CVE-2021-24799

The CVE-2021-24799 entry concerns the WordPress plugin Far Future Expiry Header (versions

4.3CVSS4.4AI score0.00453EPSS
Exploits2References1Affected Software1
redhat
redhat
added 2021/10/20 1:49 p.m.6 views

OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Keytool. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

5.3CVSS6.9AI score0.05241EPSS
Exploits0References4
redhat
redhat
added 2021/10/20 1:47 p.m.11 views

OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Keytool. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

5.3CVSS6.9AI score0.05241EPSS
Exploits0References4
redhat
redhat
added 2021/10/20 1:36 p.m.5 views

OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Keytool. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

5.3CVSS6.9AI score0.05241EPSS
Exploits0References4
redhat
redhat
added 2021/10/20 1:12 p.m.3 views

OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Keytool. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

5.3CVSS6.9AI score0.05241EPSS
Exploits0References4
wordfence
wordfence
added 2021/10/12 1:0 p.m.17 views

Wordfence Helps Enable Education in Uganda

I want to share something very exciting and truly wonderful with you all today. Wordfence just completed a project where we partnered with Far Away Friends, a Denver-based non-profit working in partnership with local leaders in Uganda, to bring light and electricity to a school campus in a remote...

6.6AI score
Exploits0
patchstack
patchstack
added 2021/10/04 12:0 a.m.20 views

WordPress Far Future Expiry Header plugin <= 1.4 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by apple502j in WordPress Far Future Expiry Header plugin versions = 1.4. Solution Update the WordPress Far Future Expiry Header plugin to the latest available version...

4.3CVSS2.2AI score0.00453EPSS
Exploits2References3Affected Software1
hackread
hackread
added 2021/09/15 3:24 p.m.23 views

Anonymous steals ‘decade’s worth of data’ from far-right web host Epik

By Waqas Anonymous claims the data contains information about Epik domains, clients, and even backend information of the company’s clients to the public. This is a post from HackRead.com Read the original post: Anonymous steals decade’s worth of data from far-right web host Epik...

0.5AI score
Exploits0
wired
wired
added 2021/08/12 5:24 p.m.25 views

How the Far Right Exploded on Steam and Discord

New research found that several of the major gaming platforms are hosting extremist activity, from racist livestreams to open support for neo-Nazis...

0.5AI score
Exploits0
schneier
schneier
added 2021/05/14 9:6 p.m.40 views

Friday Squid Blogging: Far Side Squid Comic

A classic. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

1AI score
Exploits0
Rows per page
Query Builder