359 matches found
Fedora 38 : python-dns (2024-bbd76d7c63)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-bbd76d7c63 advisory. Fix for CVE-2023-29483 rhbz2274685 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
CVE-2024-28957
Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere with communications by predicting some packet header IDs of the device...
PT-2024-22643 · Unknown · Cente Middleware Tcp/Ip Network Series
Name of the Vulnerable Software and Affected Versions: Cente middleware TCP/IP Network Series affected versions not specified Description: A generation of predictable identifiers issue exists in the Cente middleware TCP/IP Network Series. If this issue is exploited, a remote unauthenticated...
SUSE CVE-2023-29483
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in whic...
DEBIAN-CVE-2023-29483
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in whic...
XZ Utils SSHd Backdoor
On March 29th, 2024, security researcher Andres Freund discovered a backdoor in XZ Utils versions 5.6.0 and 5.6.1. Under certain conditions, this backdoor may allow remote access to the targeted system. This disclosure was posted to the Openwall mailing list. The security researcher mentions that...
Exploit for Embedded Malicious Code in Tukaani Xz
CVE-2024-3094-info - CVE-2024-3094 PoC Exploration https://gi...
BIT-MEDIAWIKI-2021-31553
An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the culog database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could...
Cyberattack on Democracy: Escalating Cyber Threats Immediately Ahead of Taiwan’s 2024 Presidential Election
Cyberattack on Democracy: Escalating Cyber Threats Immediately Ahead of Taiwan’s 2024 Presidential Election By Anne An · February 13, 2024 Preface Cybersecurity has become an integral part of election security. Nation-state actors and other politically motivated groups are likely to try to...
Samly access control vulnerability
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry...
Deepfake Election Interference in Slovakia
Well-designed and well-timed deepfake of two Slovakian politicians discussing how to rig the election: Šimečka and Denník N immediately denounced the audio as fake. The fact-checking department of news agency AFP said the audio showed signs of being manipulated using AI. But the recording was...
Political Disinformation and AI
Elections around the world are facing an evolving threat from foreign actors, one that involves artificial intelligence. Countries trying to influence each other's elections entered a new era in 2016, when the Russians launched a series of social media disinformation campaigns targeting the US...
How Cyberattacks Are Transforming Warfare
There is a new battlefield. It is global and challenging to defend. What began with a high-profile incident back in 2007, when Estonia was hit by hackers targeting its government and commercial sector, has evolved into cyber warfare that is being waged constantly worldwide. Today, cyberattacks ha...
DEBIAN-CVE-2023-3823
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...
prev emergency security council still has cancellor role in SecurityCouncilMgmtActivationAction
Lines of code Vulnerability details Description In the GovernanceChainSCMgmtActivationAction.perform function. This function is responsible for activating the new emergency security council and revoking the roles of the previous emergency security council. The bug occurs in the following line of...
CVE-2023-3749
A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation...
CVE-2023-3749 VideoEdge config
A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation...
CVE-2023-3749
Vulnerability summary (CVE-2023-3749): In Sensormatic Electronics/Johnson Controls VideoEdge, versions prior to 6.1.1 allow a local user to edit the VideoEdge configuration file, enabling interference with VideoEdge operation due to a flaw described as accepting extraneous untrusted data with tru...
Sensormatic Electronics VideoEdge
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low attack complexity Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc. Equipment: VideoEdge Vulnerability: Acceptance of Extraneous Untrusted Data with Trusted Data 2. RISK EVALUATION Successful exploitation of this...