2395 matches found
CVE-2023-49102
NZBGet 21.1 allows authenticated remote code execution because the unarchive programs 7za and unrar preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products...
FREE Cybersecurity Education Courses
Navigating the nuanced realm of digital defense doesn't need to feel like a herculean task. This section aims to shed light on the intricacies of digital defense and aid you in leveraging freely available Cybersecurity Learning Programs. Deciphering Digital Defense Digital defense, also referred ...
Experts Expose Farnetwork's Ransomware-as-a-Service Business Model
Cybersecurity researchers have unmasked a prolific threat actor known as farnetwork, who has been linked to five different ransomware-as-a-service (RaaS) programs over the past four years in various capacities. Singapore-headquartered Group-IB, which attempted to infiltrate a private RaaS program...
[SECURITY] Fedora 39 Update: open-vm-tools-12.3.0-3.fc39
The open-vm-tools project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and...
Low: Red Hat Security Advisory: gdb security update
An update for gdb is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...
Rocky Linux 8 : libXpm (RLSA-2023:0379)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0379 advisory. - A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can le...
[SECURITY] Fedora 39 Update: nghttp2-1.55.1-4.fc39
This package contains the HTTP/2 client, server and proxy programs...
[SECURITY] Fedora 39 Update: llvm-17.0.2-1.fc39
LLVM is a compiler infrastructure designed for compile-time, link-time, runtime, and idle-time optimization of programs from arbitrary programming languages. The compiler infrastructure includes mirror sets of programming tools as well as libraries with equivalent functionality...
Amazon Linux AMI : mysql57 (ALAS-2023-1878)
The version of mysql57 installed on the remote host is prior to 5.7.43-1.20. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1878 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Client programs. Supported versions that are affected are...
[SECURITY] Fedora 37 Update: nghttp2-1.51.0-2.fc37
This package contains the HTTP/2 client, server and proxy programs...
Top insights and best practices from the new Microsoft Data Security Index report
A whopping 74 percent of organizations recently surveyed experienced at least one data security incident with their business data exposed in the previous year. That’s just one of our interesting insights from Microsoft’s new Data Security Index: Trends, insights, and strategies to secure data...
Authentication flaw
Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending...
CVE-2023-4562 Information Disclosure, Information Tampering and Authentication Bypass Vulnerability in MELSEC-F Series main module
Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending...
CVE-2023-4562
CVE-2023-4562 concerns Mitsubishi Electric MELSEC-F Series main modules. The vulnerability is described as an Improper Authentication flaw that may allow a remote, unauthenticated attacker to obtain sequence programs or write malicious data by sending illegitimate messages. Public details consist...
Mitsubishi Electric MELSEC-F Series Authorization Issue Vulnerability
Mitsubishi Electric MELSEC-F Series is a basic micro PLC with analog and communication function scalability for industrial control equipment from Mitsubishi Electric, Japan. An authentication error vulnerability exists in the Mitsubishi Electric MELSEC-F Series, which can be...
CVE-2023-39191
An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and...
Nodesub - Command-Line Tool For Finding Subdomains In Bug Bounty Programs
Nodesub is a command-line tool for finding subdomains in bug bounty programs. It supports various subdomain enumeration techniques and provides flexible options for customization. Features Perform subdomain enumeration using CIDR notation Support input list. Perform subdomain enumeration using AS...
North Korea's Lazarus Group Suspected in $31 Million CoinEx Heist
The North Korea-affiliated Lazarus Group has stolen nearly $240 million in cryptocurrency since June 2023, marking a significant escalation of its hacks. According to multiple reports from Certik, Elliptic, and ZachXBT, the infamous hacking group is said to be suspected behind the theft of $31...
Europol lifts the lid on cybercrime tactics
The European Union Agency for Law Enforcement Cooperation (Europol) has published a report that examines developments in cyberattacks, discussing new methodologies and threats observed by Europol's operational analysts. The report also discusses the criminal organizations behind cyberattacks and th...