2265 matches found
The vulnerability of AMD’s microprogramming software lies in the lack of protection for service data, which allows attackers to access the memory contents of other users’ processes.
The vulnerability of AMD’s microprogrammed software lies in the lack of protection for system data. Exploiting this vulnerability can allow attackers to access the memory contents of other users’ processes...
Siemens Solid Edge Out-of-Bounds Read Vulnerability (CNVD-2023-62033)
Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing and design management. Siemens Solid Edge suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context ...
How to Leverage the AWS Cost Optimization Pillar
Explore the Cost Optimization pillar of the AWS Well-Architected Framework and gain best practices for designing processes that make it possible to go to market and optimize costs early on...
CVE-2023-32364
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions...
PT-2023-24727 · Apache · Apache Inlong
Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.4.0 through 1.7.0. Description: The issue allows an attacker to use general users to delete and update processes that should only be operable by admins. Recommendations: For versions 1.4.0 through 1.7.0, upgrade to...
Apache InLong Security Vulnerability
Apache InLong is a one-stop massive data integration framework from the Apache Software Foundation (U.S.). It provides automated, secure, and reliable data transfer capabilities. A security vulnerability exists in Apache InLong versions 1.4.0 through 1.7.0, which stems from a...
The vulnerability of AMD’s microprogramming software for CPUs based on the Zen2 microarchitecture allows a hacker to access the contents of registers during other processes executed on the same CPU core.
The vulnerability of AMD’s microprogrammed software for CPUs based on the Zen2 microarchitecture is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to monitor the contents of registers during other processes executed by the same CPU core...
GHSA-5652-92R9-3FX9 Decidim Cross-site Scripting vulnerability in the processes filter
Impact: The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of...
CVE-2023-34089 Decidim Cross-site Scripting vulnerability in the processes filter
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code ...
DEBIAN-CVE-2023-1672
A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host...
PT-2023-24662 · Decidim · Decidim
Name of the Vulnerable Software and Affected Versions: Decidim versions prior to 0.26.7; Decidim versions prior to 0.27.3. Description: The processes filter feature in Decidim is susceptible to Cross-site scripting, allowing a remote attacker to execute JavaScript code in the context of a currently...
Hardcoded credentials
SmartBPM.NET has a vulnerability of using a hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access the system with regular user privilege to read application data, and execute submission and approval processes...
CVE-2023-37287
SmartBPM.NET has a vulnerability of using a hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access the system with regular user privilege to read application data, and execute submission and approval processes...
Fedora 38 : tang (2023-3e84bba241)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-3e84bba241 advisory. Fixes CVE-2023-1672 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not teste...
AI as Sensemaking for Public Comments
It's become fashionable to think of artificial intelligence as an inherently dehumanizing technology, a ruthless force of automation that has unleashed legions of virtual skilled laborers in faceless form. But what if AI turns out to be the one tool able to identify what makes your ideas special,...
SUSE CVE-2023-27706
Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes...
CVE-2023-27706
Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes...
A Framework for Enhanced Security: Continuous Threat Exposure Management (CTEM)
If you're a cybersecurity professional, you're likely familiar with the sea of acronyms our industry is obsessed with. From CNAPP, to CWPP, to CIEM and all of the myriad others, there seems to be a new initialism born each day. In this article, we'll look at another trending acronym – CTEM, which...