Out With the Old, In With the New: Securely Disposing of Smart Devices
So, what did you get for Christmas this year? Hopefully you received some cool smart technology, or maybe you just upgraded your smart camera or voice assistant to a newer model or version. If you upgraded to a new model or version, what is your plan for the old device? Is it still working or is ...
CVE-2024-49765 Bypass of Discourse Connect using other login paths if enabled in Discourse
Discourse is an open source platform for community discussion. Sites that are using Discourse Connect but still have local logins enabled could allow attackers to bypass Discourse Connect to create accounts and log in. This problem is patched in the latest version of Discourse. Users unable to...
Firmware Security: Identifying Risks to Implement Best Cybersecurity Practices
Find out the key security risks of firmware security: Identify threats, and learn best practices and protection methods...
AZL-54327 CVE-2024-45337 affecting package cf-cli for versions less than 8.7.3-4
Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...
Description of the security update for Access 2016: December 10, 2024 (KB5002641)
Description of the security update for Access 2016: December 10, 2024 KB5002641 Summary This security update resolves a Microsoft Access remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-49142. Note: To apply th...
Description of the security update for Office 2016: December 10, 2024 (KB5002661)
Description of the security update for Office 2016: December 10, 2024 KB5002661 Summary This security update resolves a Microsoft Office remote code execution vulnerability and Microsoft Office elevation of privilege vulnerability. To learn more about the vulnerabilities, see the following securi...
Description of the security update for Excel 2016: December 10, 2024 (KB5002660)
Description of the security update for Excel 2016: December 10, 2024 KB5002660 Summary This security update resolves a Microsoft Excel remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-49069. Note: To apply this...
Description of the security update for Office 2016: December 10, 2024 (KB4475587)
Description of the security update for Office 2016: December 10, 2024 KB4475587 Summary This security update resolves a Microsoft Office elevation of privilege vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common Vulnerabilities and Exposur...
Description of the security update for Office 2016: December 10, 2024 (KB2920716)
Description of the security update for Office 2016: December 10, 2024 KB2920716 Summary This security update resolves a Microsoft Office elevation of privilege vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2024-43600. Note: To apply...
CVE-2024-38829 Spring LDAP sensitive data exposure for case-sensitive comparisons
A vulnerability in Spring LDAP allows data exposure for case-sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...
CVE-2024-38829
A vulnerability in Spring LDAP allows data exposure for case-sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...
CVE-2024-42456
A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized...
CVE-2024-42456
CVE-2024-42456 affects Veeam Backup & Replication. A low-privileged user with a specific role can exploit a method with insufficient permission checks to modify critical configuration settings (e.g., trusted client certificate on a port), potentially allowing calls to privileged methods and init...
CVE-2024-38827
The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly...
The vulnerabilities of the String.toLowerCase() and String.toUpperCase() methods in the Java framework allow for security breaches in industrial applications, as they are exploited by attackers to bypass authentication processes.
The vulnerability of the String.toLowerCase and String.toUpperCase methods in the Java framework, which is used for securing industrial applications with Spring Security, is related to improper authentication. Exploiting this vulnerability can allow an attacker to bypass the authentication proces...
CVE-2024-7915
The application Sensei Mac Cleaner contains a local privilege escalation vulnerability, allowing an attacker to perform multiple operations as the root user. These operations include arbitrary file deletion and writing, loading and unloading daemons, manipulating file permissions, and loading...
hsqldb: Untrusted input may lead to RCE attack
A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default...