Lucene search
+L

71 matches found

CVE
CVE
added 2024/02/29 3:52 p.m.6750 views

CVE-2023-52498

CVE-2023-52498 : Linux kernel sleep deadlock in system-wide PM code in low-memory conditions. root cause: system-wide resume core code could deadlock because async_schedule_dev() sometimes runs the argument synchronously and may contend for a mutex; this could cause ordering issues in resume call...

5.5CVSS6.3AI score0.00238EPSS
Exploits0References7Affected Software1
Schneier on Security
Schneier on Security
added 2023/12/01 12:3 p.m.9 views

AI Decides to Engage in Insider Trading

A stock-trading AI a simulated experiment engaged in insider trading, even though it "knew" it was wrong. The agent is put under pressure in three ways. First, it receives a email from its "manager" that the company is not doing well and needs better performance in the next quarter. Second, the...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/11/13 12:0 a.m.6 views

Missing deadline checks

Lines of code Vulnerability details Consider addings implementation to handle the expiration of the transaction for additional security. To implement a transaction expiration mechanism in the emergencyWithdraw add a timestamp check to ensure that the transaction is executed only within a certain...

6.9AI score
Exploits0
OSV
OSV
added 2023/08/01 3:15 p.m.6 views

CVE-2023-4048

An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...

7.5CVSS8.8AI score
Exploits0References8
The Hacker News
The Hacker News
added 2023/06/07 11:19 a.m.37 views

Winning the Mind Game: The Role of the Ransomware Negotiator

Get exclusive insights from a real ransomware negotiator who shares authentic stories from network hostage situations and how he managed them. The Ransomware Industry Ransomware is an industry. As such, it has its own business logic: organizations pay money, in crypto-currency, in order to regain...

6.6AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/05 12:0 a.m.368 views

Advance Charity Management 1.0 Insecure Settings

Title: Advance Charity Management-1.0 - TLS cookie without secure flag set-PHPSESSID NEVER EXPIRATION-current session-Hijacking Author: nu11secur1ty Date: 06.04.2023 Vendor: https://www.sourcecodester.com/users/aown-shah Software:...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/04/19 12:0 a.m.10 views

Equity.sol : restructureCapTable is not using correct index in array

Lines of code Vulnerability details Impact When array of addresses are passed to restructure in the emergency situation, contract would revert due to accessing the first index always. Not able to restructure in single call during emergency. Proof of Concept function restructureCapTableaddress...

6.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/03/28 12:0 a.m.8 views

Microsoft Edge’s vulnerability, related to synchronization errors when using a shared resource, allows attackers to escalate their privileges.

The vulnerability of Microsoft Edge is related to synchronization errors when using a shared resource “Race Situation”. Exploiting this vulnerability can allow an attacker to gain increased privileges...

6.1CVSS6.1AI score0.00624EPSS
Exploits0References3Affected Software1
Malwarebytes
Malwarebytes
added 2023/02/07 4:0 a.m.22 views

Florida hospital takes entire IT systems offline after 'ransomware attack'

Tallahassee Memorial Healthcare TMH, a major hospital system in northern Florida, has reportedly been experiencing an "IT security issue" since Thursday evening, which impacted some of its IT systems. When TMH learned of the issue, it took its entire IT systems offline as a precaution and contact...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2022/09/19 12:0 a.m.12 views

Ambiguous situation exists for calling triggerDepeg and triggerEndEpoch functions when block.timestamp is set to epochEnd

Lines of code Vulnerability details Impact As shown by the following isDisaster modifier, which is used by the triggerDepeg function below, and the triggerEndEpoch function below, when block.timestamp is set to epochEnd, both of the triggerDepeg and triggerEndEpoch functions are allowed to be...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:18 p.m.6 views

Malicious code in winston-pg-native (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c5ce4395f11e08aabe826bbeccb1004202503971e7d29e5d42730ce51f7f44b3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2022/06/17 7:0 a.m.14 views

4 Strategies to Help Your Cybersecurity Budget Work Harder

The digital economy is being disrupted by data. An estimated 79 zettabytes of data was created and consumed in 2021— a staggering amount that is reshaping how we do business. But as the volume and value of data increases, so does the motivation for hackers to steal it. As such, cybersecurity is a...

Exploits0
The Hacker News
The Hacker News
added 2022/04/27 12:24 p.m.23 views

Chinese Hackers Targeting Russian Military Personnel with Updated PlugX Malware

A China-linked government-sponsored threat actor observed striking European diplomatic entities in March may have been targeting Russian government officials with an updated version of a remote access trojan called PlugX. Secureworks attributed the attempted intrusions to a threat actor it tracks...

0.5AI score
Exploits0
Talos Blog
Talos Blog
added 2022/03/17 11:0 a.m.20 views

Threat Source newsletter (March 17, 2022) — Channelling productive worry to help Ukraine

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. Cisco Talos continues to be heads-down working on the current Ukraine situation. This is incredibly difficult for everyone across the globe, especially for those directly affected. But that doesn’t mean those of... Th...

1.5AI score
Exploits0
ICS
ICS
added 2021/12/23 12:0 p.m.70 views

Mitigating Log4Shell and Other Log4j-Related Vulnerabilities

Summary The Cybersecurity and Infrastructure Security Agency CISA, the Federal Bureau of Investigation FBI, National Security Agency NSA, Australian Cyber Security Centre ACSC, Canadian Centre for Cyber Security CCCS, the Computer Emergency Response Team New Zealand CERT NZ, the New Zealand...

10CVSS10AI score0.99999EPSS
Exploits359References88
ThreatPost
ThreatPost
added 2021/08/31 8:35 p.m.80 views

Fortress Home Security Open to Remote Disarmament

A pair of vulnerabilities in the Fortress S03 WiFi Home Security System could allow cyberattackers to remotely disarm the system, leaving homes open to unlawful entry. The Fortress platform is a consumer-grade home security system that allows users to mix and match various sensors, IP cameras and...

7.8AI score
Exploits0References3
Talos Blog
Talos Blog
added 2021/07/09 6:55 a.m.55 views

Talos Takes Ep. #60: Everything you need to know about the Kaseya situation

By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. In this special "XL edition" of Talos Takes, we're bringing you the audio version of our live stream this week... This is...

2.7AI score
Exploits0
ThreatPost
ThreatPost
added 2021/06/17 4:47 p.m.195 views

CVS Health Records for 1.1 Billion Customers Exposed

More than 1 billion records for CVS Health customers were left in the database of a third-party, unnamed vendor – exposed, unprotected, online. Researchers said the data points revealed could be strung together to create an extremely personal snapshot of someones’s medical situation. The glitch i...

7AI score
Exploits0References8
Imperva Blog
Imperva Blog
added 2021/05/04 11:41 a.m.56 views

Why Software Supply Chain Attacks Are Inevitable and What You Must Do to Protect Your Applications

Most organizations have limited visibility over their software supply chain and little control of up to 95% of the software code they utilize. With multiple code sources from multiple software vendors, the number of known and unknown vulnerabilities quickly grows beyond the capabilities of intern...

0.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/04/16 12:0 a.m.57 views

Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4915-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4915-1 advisory. It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respec...

8.8CVSS8.1AI score0.43988EPSS
Exploits28References3
Rows per page
Query Builder