113 matches found
kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route
This record is a duplicate of CVE-2023-4206, CVE-2023-4207, and CVE-2023-4208. Do not use this CVE record: CVE-2023-4128...
PT-2023-5618 · F5 · Big-Ip Apm
Name of the Vulnerable Software and Affected Versions: BIG-IP APM clients affected versions not specified Description: The issue is related to BIG-IP Access Policy Manager Clients APM Clients sending data in plain text, which can be exploited by a remote attacker to control the DNS server and...
How to Set Up a Threat Hunting and Threat Intelligence Program
Threat hunting is an essential component of your cybersecurity strategy. Whether you're getting started or in an advanced state, this article will help you ramp up your threat intelligence program. What is Threat Hunting? The cybersecurity industry is shifting from a reactive to a proactive...
Lack of Visibility: The Challenge of Protecting Websites from Third-Party Scripts
Third-party apps such as Google Analytics, Meta Pixel, HotJar, and JQuery have become critical tools for businesses to optimize their website performance and services for a global audience. However, as their importance has grown, so has the threat of cyber incidents involving unmanaged third-part...
CVE-2023-0461
creationtimestamp| type| source ---|---|--- 2023-02-28 18:27:48+00:00| seen| https://t.me/cibsecurity/59107 2023-11-12 18:00:26+00:00| seen| https://t.me/arpsyndicate/124 2024-01-08 10:32:17+00:00| published-proof-of-concept| https://t.me/WARLOCKDARKARMYOFFICIALS/3815 2024-01-08 20:40:06+00:00|...
Oracle Linux 9 : php (ELSA-2023-0965)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0965 advisory. 8.0.27-1 - rebase to 8.0.27 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus ha...
CLSA-2022-1655822512 Fixed 6 CVEs in kernel
net: qrtr: fix another OOB Read in qrtrendpointpost CVE-2021-3743 - vt: keyboard: avoid signed integer overflow in kascii CVE-2020-13974 - pNFS/flexfiles: fix incorrect size check in decodenfsfh CVE-2021-4157 - esp: Fix possible buffer overflow in ESP transformation CVE-2022-27666 - sock: remove...
New Mobile Network Vulnerabilities Affect All Cellular Generations Since 2G
Researchers have disclosed security vulnerabilities in handover, a fundamental mechanism that undergirds modern cellular networks, which could be exploited by adversaries to launch denial-of-service DoS and man-in-the-middle MitM attacks using low-cost equipment. The "vulnerabilities in the...
Log4Shell Makes Its Appearance in Hacker Chatter: 4 Observations
It's been a long few days as organizations' security teams have worked to map, quantify, and mitigate the immense risk presented by the Log4Shell vulnerability within Log4j. As can be imagined, cybercriminals are working overtime as well, as they seek out ways to exploit this vulnerability. Need...
5 Fundamental But Effective IoT Device Security Controls
As the pandemic continues to fuel the shift to remote work, numerous manufacturers have capitalized on this movement to create a multitude of handy internet of things IoT devices. While these devices may make our home and work lives more convenient, they greatly expand the attack surface for...
SUSE-SU-2021:14640-1 Security update for java-1_7_0-ibm
This update for java-170-ibm fixes the following issues: - Update to Java 7.0 Service Refresh 10 Fix Pack 80 bsc1182186, bsc1181239, CVE-2020-27221, CVE-2020-14803 CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8...
CVE-2021-1279
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service DoS attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory...
Where maritime cyber checklists fail
The coming IMO cyber security regulations are a step in the right direction towards vessel security, but the impracticality of assessing the cyber security of a ship, together with a huge skills shortage, leads classification societies towards checklist based assessments. Having seen some of thes...
How to Increase Your Security Posture with Fewer Resources
With the number of COVID-19 cases increasing, another round of attacks is looming over schools and universities as they move into holiday break and prepare for the spring semester. According to a recent article the Wall Street Journal, there have been “nearly three dozen ransomware attacks agains...
Vulnerabilities fixed in FreeBSD
The developers of FreeBSD have fixed several vulnerabilities fixed in several network modules used by FreeBSD. used. A malicious party on the local network could potentially exploit the vulnerabilities potentially exploit them to cause a denial-of-service cause or execute arbitrary code with the...
Mitigating vulnerabilities in endpoint network stacks
The skyrocketing demand for tools that enable real-time collaboration, remote desktops for accessing company information, and other services that enable remote work underlines the tremendous importance of building and shipping secure products and services. While this is magnified as organizations...
The DoD Isn't Fixing Its Security Problems
It has produced several reports outlining what's wrong and what needs to be fixed. It's not fixing them: GAO looked at three DoD-designed initiatives to see whether the Pentagon is following through on its own goals. In a majority of cases, DoD has not completed the cybersecurity training and...
Pentest Tools Framework - A Database Of Exploits, Scanners And Tools For Penetration Testing
Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabilities, network vulnerabilities. NEWS Modules PTF UPDATE PTF OPtions...
Denial Of Service (DoS)
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. An integer overflow flaw was found in the way the Linux kernel's netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially...
Active Scans Target Vulnerable Cisco Routers for Remote Code-Execution
UPDATE Malicious scanning activity targeting Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN routers is underway, with a swell of opportunistic probes looking for vulnerable devices ramping up since Friday. According to Bad Packets Report’s honeypot data, cyberattackers are targeting a...