CVE-2020-11234

When sending a socket event message to a user application, invalid information will be passed if socket is freed by other thread resulting in a Use After Free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consum...

Brocade ASCG Vulnerability Disclosures

Brocade Security Advisories posted on May 19, 2026 CVE addressed in ASCG 3.4.0a CVE-2024-24785, CVE-2025-61729, CVE-2025-65637 Security updated provided in Brocade ASCG 3.4.0b for container-tools PSIRT Risk: Medium https://support.broadcom.com/external/content/SecurityAdvisories/0/37500...

Iranian and Russian Entities Sanctioned for Election Interference Using AI and Cyber Tactics

The U.S. Treasury Department's Office of Foreign Assets Control OFAC on Tuesday leveled sanctions against two entities in Iran and Russia for their attempts to interfere with the November 2024 presidential election. The federal agency said the entities – a subordinate organization of Iran's Islam...

firefox: thunderbird: Select list elements could be shown over another site

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks...

Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok

In a historic decision, Romania's constitutional court has annulled the result of the first round of voting in the presidential election amid allegations of Russian interference. As a result, the second round vote, which was scheduled for December 8, 2024, will no longer take place. Călin...

CVE-2024-52921

In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block...

Russia Is Going All Out on Election Day Interference

Along with other foreign influence operations—including from Iran—Kremlin-backed campaigns to stoke division and fear have gone into overdrive...

Why your vote can’t be “hacked,” with Cait Conley of CISA (Lock and Code S05E23)

This week on the Lock and Code podcast … The US presidential election is upon the American public, and with it come fears of "election interference." But "election interference" is a broad term. It can mean the now-regular and expected foreign disinformation campaigns that are launched to sow...

EulerOS Virtualization 2.12.0 : python-dns (EulerOS-SA-2024-2776)

According to the versions of the python-dns package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by...

CVE-2024-9971 NewType FlowMaster BPM Plus - SQL Injection

The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents...

U.S. Charges Three Iranian Nationals for Election Interference and Cybercrimes

U.S. federal prosecutors on Friday unsealed criminal charges against three Iranian nationals who are allegedly employed with the Islamic Revolutionary Guard Corps IRGC for their targeting of current and former officials to steal sensitive data. The Department of Justice DoJ accused Masoud Jalili,...

What the arrest of Telegram’s CEO means, with Eva Galperin (Lock and Code S05E19)

This week on the Lock and Code podcast… On August 24, at an airport just outside of Paris, a man named Pavel Durov was detained for questioning by French investigators. Just days later, the same man was charged in crimes related to the distribution of child pornography and illicit transactions,...

SUSE-SU-2024:2605-1 Security update for python-dnspython

This update for python-dnspython fixes the following issues: - CVE-2023-29483: Fixed an issue that allowed remote attackers to interfere with DNS name resolution bsc1222693...

Australian Defence Force Private and Husband Charged with Espionage for Russia

Two Russian-born Australian citizens have been arrested and charged in the country for spying on behalf of Russia as part of a "complex" law enforcement operation codenamed BURGAZADA. This includes a 40-year-old woman, an Australian Defence Force ADF Army Private, and her husband, a 62-year-old...

CVE-2024-37352 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06 that allows attackers with system administrator permissions to interfere with other system administrators’ use of the management UI when the second administrator accesses the...

CVE-2024-37348

There is a cross-site scripting vulnerability in the management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the management UI when the second administrator later edits the same...

CVE-2024-37344 Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06

There is a cross-site scripting vulnerability in the Policy management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the policy management UI when the administrators are editing the sam...

PT-2024-27496 · Absolute · Absolute Secure Access

Name of the Vulnerable Software and Affected Versions: Absolute Secure Access versions prior to 13.06 Description: The issue is a cross-site scripting vulnerability in the management UI of Absolute Secure Access. This vulnerability allows attackers with system administrator permissions to interfe...

PT-2024-27492 · Absolute · Absolute Secure Access

Name of the Vulnerable Software and Affected Versions: Absolute Secure Access versions prior to 13.06 Description: The issue is a cross-site scripting vulnerability in the management UI of Absolute Secure Access. Attackers with system administrator permissions can interfere with other system...

RUSTSEC-2024-0353 Refs and paths with reserved Windows device names access the devices

Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...