
37 matches found

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-17109

Malware in sbrugna...

7.5 CVSS, 7.6 AI score, 0.0016 EPSS
Exploits 0, References 2
Amazon
added 2025/04/29 12:0 a.m., 4 views

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix link state exit during switch upstream function removal (CVE-2024-58093). In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, change error flow on matcher disconnect...

7.8 CVSS, 6.7 AI score, 0.00262 EPSS
Exploits 0
Talos Blog
added 2024/01/08 10:30 a.m., 18 views

Video series discussing the major threat actor trends from 2023

In this video series, Talos Director of Threat Intelligence and Interdiction Matt Olney and Head of Outreach Nick Biasini share their insights on the most significant cybersecurity threats from the past year. From attacks on network infrastructure to the latest APT activities, as well as an updat...

7.2 AI score
Exploits 0
Talos Blog
added 2023/10/11 11:48 a.m., 72 views

Microsoft patches 12 critical vulnerabilities, nine of which are in Layer 2 Tunneling Protocol

Microsoft disclosed 104 vulnerabilities in its extensive range of software and services, the most in a single Patch Tuesday since July. What is most notable is that this batch of vulnerabilities includes 12 that are considered "critical," nine of which are remote code execution vulnerabilities in...

7.5 CVSS, 10 AI score, 0.94473 EPSS
Exploits 21
Citrix
added 2023/08/28 12:0 a.m., 3 views

How to enable ACL logging for extended ACLs

This article provides guidance on how to enable ACL logging for Extended ACL. Simple ACL does not have this function...

7.1 AI score
Exploits 0
Debian
added 2023/04/12 3:17 p.m., 24 views

[SECURITY] [DLA 3389-1] lldpd security update

Debian LTS Advisory DLA-3389-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb April 10, 2023 https://wiki.debian.org/LTS ...

7.5 CVSS, 8.2 AI score, 0.00504 EPSS
Exploits 0
The Hacker News
added 2022/10/28 2:30 p.m., 154 views

High-Severity Flaws in Juniper Junos OS Affect Enterprise Networking Devices

Multiple high-severity security flaws have been disclosed as affecting Juniper Networks devices, some of which could be exploited to achieve code execution. Chief among them is a remote pre-authenticated PHP archive file deserialization vulnerability (CVE-2022-22241, CVSS score: 8.1) in the J-Web...

9.8 CVSS, 1.6 AI score, 0.92793 EPSS
Exploits 12
The Hacker News
added 2022/01/20 4:57 a.m., 424 views

Hackers Attempt to Exploit New SolarWinds Serv-U Bug in Log4Shell Attacks

Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247 (CVSS score: 5.3), the issue is an "input...

10 CVSS, 0.4 AI score, 0.94358 EPSS
Exploits 343
seebug.org
added 2021/08/11 12:0 a.m., 811 views

Multiple vulnerabilities, including authentication bypass and RCE, in several Buffalo and Arcadyan routers

Tenable has discovered multiple vulnerabilities in routers manufactured by Arcadyan. During the disclosure process for the issues discovered in the Buffalo routers, Tenable discovered that CVE-2021-20090 affected many more devices, as the root cause of the vulnerability exists in the underlying...

7.5 CVSS, 0.2 AI score, 0.94401 EPSS
Exploits 5
CNNVD
added 2021/03/09 12:0 a.m., 3 views

Siemens RUGGEDCOM RM1224 buffer error vulnerability

SCALANCE SC-600 devices SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C are used to protect trusted industrial networks from untrusted networks. SCALANCE M-800/S615 industrial routers are used for secure remote access to plants via mobile networks such as GPRS or UMTS for secure remote access to...

8.8 CVSS, 6.2 AI score, 0.00305 EPSS
Exploits 0, References 6
NVD
added 2020/10/15 4:15 p.m., 10 views

CVE-2020-25858

The QCMAPWebCLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr or strchr call in the Tokenizer function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of...

7.5 CVSS, 0.02718 EPSS
Exploits 1, References 1
NVD
added 2020/10/15 4:15 p.m., 13 views

CVE-2020-25859

The QCMAPCLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system call without validating the input, while handling a SetGatewayUrl request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAPCLI ca...

7.2 CVSS, 0.0008 EPSS
Exploits 1, References 1
Prion
added 2020/10/15 4:15 p.m., 19 views

Design/Logic Flaw

The QCMAPCLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system call without validating the input, while handling a SetGatewayUrl request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAPCLI ca...

7.2 CVSS, 6.5 AI score, 0.0008 EPSS
Exploits 1, References 1
Prion
added 2020/10/15 4:15 p.m., 18 views

Design/Logic Flaw

The QCMAPWebCLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr or strchr call in the Tokenizer function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of...

5 CVSS, 7.4 AI score, 0.02718 EPSS
Exploits 1, References 1
CVE
added 2020/10/15 3:12 p.m., 45 views

CVE-2020-25859

CVE-2020-25859 concerns the QCMAP_CLI utility in Qualcomm QCMAP, where handling SetGatewayUrl() can invoke system() without input validation. This allows a local attacker with shell access to pass shell metacharacters and execute arbitrary commands. If QCMAP_CLI runs with sudo or setuid, privileg...

7.2 CVSS, 6.4 AI score, 0.0008 EPSS
Exploits 1, References 1, Affected Software 1
Cvelist
added 2020/10/15 3:12 p.m., 18 views

CVE-2020-25859

The QCMAPCLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system call without validating the input, while handling a SetGatewayUrl request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAPCLI ca...

6.5 AI score, 0.0008 EPSS
Exploits 1, References 1
Cvelist
added 2020/10/15 3:11 p.m., 18 views

CVE-2020-25858

The QCMAPWebCLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr or strchr call in the Tokenizer function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of...

7.4 AI score, 0.02718 EPSS
Exploits 1, References 1
CVE
added 2020/10/15 3:11 p.m., 53 views

CVE-2020-25858

CVE-2020-25858 affects the Qualcomm QCMAP Web UI. The issue lies in the QCMAP_Web_CLIENT binary where the Tokenizer() function does not validate the return values of strstr() or strchr(). This can let an attacker supply a crafted URL via the web interface that crashes the process, resulting in a ...

7.5 CVSS, 7.3 AI score, 0.02718 EPSS
Exploits 1, References 1, Affected Software 1
The Hacker News
added 2020/07/04 2:20 p.m., 401 views

Critical RCE Flaw Affects F5 BIG-IP Application Security Servers

Cybersecurity researchers today issued a security advisory warning enterprises and governments across the globe to immediately patch a highly-critical remote code execution vulnerability affecting F5's BIG-IP networking devices running application security servers. The vulnerability, assigned...

10 CVSS, 0.94426 EPSS
Exploits 59
Microsoft Secure
added 2020/06/09 7:0 p.m., 31 views

11 security tips to help stay safe in the COVID-19 era

The COVID-19 pandemic has changed our daily routines, the ways we work, and our reliance on technology. Many of us are now working remotely, students are attending classes virtually, and we’re relying more on social media and social networks to stay connected as we define what our new normal look...

7.6 AI score
Exploits 0