7411 matches found

BDU FSTEC
added 2024/11/06 12:0 a.m. | 2 views

The vulnerability of the DevTools suite for web development in Microsoft Edge and Google Chrome browsers allows a hacker to execute arbitrary code.

The vulnerability of the DevTools suite for web development in Microsoft Edge and Google Chrome is related to insufficient testing of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted HTML page...

CVSS: 10 | AI score: 6 | EPSS: 0.00413
Exploits: 0 | References: 7 | Affected Software: 4
Tenable Nessus
added 2024/11/06 12:0 a.m. | 12 views

Fedora 40 : thunderbird (2024-d1ba38d9a6)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-d1ba38d9a6 advisory. Update to 128.4.0 https://www.thunderbird.net/en-US/thunderbird/128.4.0esr/releasenotes/...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.00815
Exploits: 0 | References: 11
Qualys Blog
added 2024/11/05 7:59 p.m. | 6 views

Qualys Web Application Scanning (WAS) Recognized as a Leader in 2024 GigaOm Radar Report for Application Security Testing (AST)

In the ever-evolving cybersecurity landscape, securing web applications and APIs is no longer an option—it’s a necessity. As organizations face increasingly complex threats, ensuring the integrity of these digital assets has become paramount. However, it’s easy to feel overwhelmed by the sheer...

AI score: 7.4
Exploits: 0
NVD
added 2024/11/05 6:15 p.m. | 12 views

CVE-2024-50110

In the Linux kernel, the following vulnerability has been resolved: xfrm: fix one more kernel-infoleak in algo dumping. During fuzz testing, the following issue was discovered: BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x598/0x2a30 _copy_to_iter+0x598/0x2a30 __skb_datagram_iter+0x168/0x1060...

CVSS: 5.5 | EPSS: 0.00254
Exploits: 0 | References: 6
OSV
added 2024/11/05 6:15 p.m. | 0 views

UBUNTU-CVE-2024-50110

In the Linux kernel, the following vulnerability has been resolved: xfrm: fix one more kernel-infoleak in algo dumping. During fuzz testing, the following issue was discovered: BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x598/0x2a30 _copy_to_iter+0x598/0x2a30 __skb_datagram_iter+0x168/0x1060...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.00254
Exploits: 0 | References: 34
OSSF Malicious Packages
added 2024/11/05 3:1 p.m. | 3 views

Malicious code in @isfe-common/testing-utils (npm)

Source: ossf-package-analysis (b0513243009fb3882d731746421fa3effe8a4a86c8cef4d5d6053c63059a4b0e). The OpenSSF Package Analysis project identified '@isfe-common/testing-utils' @ 9.5.9 npm as malicious. It is considered malicious because: - The...

AI score: 6.9
Exploits: 0
OSV
added 2024/11/05 2:53 p.m. | 4 views

MAL-2024-10380 Malicious code in @isfe-common/testing-constants (npm)

Source: ossf-package-analysis (4203c75b7ee03f443c2944645689ffff3aefae76e13ac2f7be00545b63c27664). The OpenSSF Package Analysis project identified '@isfe-common/testing-constants' @ 9.2.9 npm as malicious. It is considered malicious because: -...

AI score: 7.1
Exploits: 0
Pen Test Partners Blog
added 2024/11/05 6:14 a.m. | 9 views

What goes into testing a ship?

TL;DR: Testing a ship involves identifying and mitigating cybersecurity risks using the "Identify, Prevent, Detect, Respond, Recover" framework. Guidelines include MSC.428(98), BIMCO, IACS UR E26/E27, and ISO standards. New builds and existing vessels require proper documentation and network securit...

AI score: 8
Exploits: 0
Tenable Nessus
added 2024/11/02 12:0 a.m. | 13 views

FreeBSD : chromium -- multiple security fixes (e17384ef-c5e8-4b5d-bb62-c13405e7f1f7)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the e17384ef-c5e8-4b5d-bb62-c13405e7f1f7 advisory. Chrome Releases reports: This update includes 2 security fixes: Tenable has extracted the...

CVSS: 8.8 | AI score: 7.9 | EPSS: 0.00653
Exploits: 0 | References: 4
CVE
added 2024/11/01 9:21 p.m. | 54 views

CVE-2024-9191

The CVE concerns Okta Verify on Windows where the Device Access feature exposes the OktaDeviceAccessPipe, enabling a compromised device user to retrieve passwords for Desktop MFA passwordless logins. Affected component: Okta Verify agent for Windows with Okta Device Access passwordless feature en...

CVSS: 7.8 | AI score: 6.9 | EPSS: 0.00239
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2024/11/01 9:21 p.m. | 13 views

CVE-2024-9191

The Okta Device Access features, provided by the Okta Verify agent for Windows, provide access to the OktaDeviceAccessPipe, which enables attackers on a compromised device to retrieve passwords associated with Desktop MFA passwordless logins. The vulnerability was discovered via routine...

CVSS: 7.1 | AI score: 6.9 | EPSS: 0.00239
Exploits: 0 | References: 2
Metasploit
added 2024/11/01 6:54 p.m. | 228 views

Linux Reboot

A very small shellcode for rebooting the system using the reboot syscall. This payload is sometimes helpful for testing purposes. Requires CAP_SYS_BOOT privileges. Module Options: msf > use payload/linux/riscv64le/reboot msf payload(reboot) > show actions ...actions... msf payload(reboot) > set ACTION msf...

AI score: 7
Exploits: 0
Metasploit
added 2024/11/01 6:54 p.m. | 259 views

Linux Reboot

A very small shellcode for rebooting the system using the reboot syscall. This payload is sometimes helpful for testing purposes. Requires CAP_SYS_BOOT privileges. Module Options: msf > use payload/linux/riscv32le/reboot msf payload(reboot) > show actions ...actions... msf payload(reboot) > set ACTION msf...

AI score: 7
Exploits: 0
BDU FSTEC
added 2024/11/01 12:0 a.m. | 1 views

The vulnerability of the .NET software platform and the Microsoft Visual Studio development environment stems from insufficient testing of input data. This allows attackers to escalate their privileges.

The vulnerability of the .NET software platform and the Microsoft Visual Studio development environment exists due to insufficient testing of input data. Exploiting this vulnerability can allow attackers to escalate their privileges...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.006
Exploits: 0 | References: 8 | Affected Software: 5
Tenable Nessus
added 2024/11/01 12:0 a.m. | 21 views

Amazon Linux 2 : qt5-qtimageformats (ALAS-2024-2671)

The version of qt5-qtimageformats installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2671 advisory. An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x...

CVSS: 8.6 | AI score: 7.9 | EPSS: 0.00494
Exploits: 0 | References: 4
GithubExploit
added 2024/10/31 9:55 p.m. | 733 views

Exploit for Missing Authentication for Critical Function in Cyberpanel

CVE-2024-51567 Exploit Script CVE-2024-51567 is a Python...

CVSS: 10 | AI score: 10 | EPSS: 0.86725
Exploits: 7
OSSF Malicious Packages
added 2024/10/30 12:24 a.m. | 4 views

Malicious code in se-testing (npm)

Source: ghsa-malware (9e11b3bd482ee29c7e5305f2a87308450f78a4558928beeb567e2d7f45d3f963). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 | References: 3
OSV
added 2024/10/30 12:24 a.m. | 5 views

MAL-2024-10266 Malicious code in se-testing (npm)

Source: ghsa-malware (9e11b3bd482ee29c7e5305f2a87308450f78a4558928beeb567e2d7f45d3f963). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0 | References: 3
Tenable Nessus
added 2024/10/30 12:0 a.m. | 9 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : pip vulnerability (USN-7084-2)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7084-2 advisory. USN-7084-1 fixed vulnerability in urllib3. This update provides the corresponding update for the urllib3...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00965
Exploits: 1 | References: 2
Tenable Nessus
added 2024/10/30 12:0 a.m. | 3 views

Slackware Linux 15.0 / current xorg-server Vulnerability (SSA:2024-304-04)

The version of xorg-server installed on the remote host is prior to 1.20.14 / 21.1.14 / 21.1.4 / 24.1.4. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-304-04 advisory. New xorg-server packages are available for Slackware 15.0 and -current to fix security issues...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.00894
Exploits: 0 | References: 2