Yan&Co Security Vulnerabilities

krebs

CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms

The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and Cyprus, and that its....

6.8 AI Score

2024-03-14 09:13 PM
31
jvn

JVN#54451757: Multiple vulnerabilities in SKYSEA Client View

SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View contains multiple vulnerabilities listed below. Improper access control in the specific folder (CWE-284) - CVE-2024-21805 Version| Vector| Score ---|---|--- CVSS v3|...

7.8 AI Score

0.0004 EPSS

2024-03-07 12:00 AM
7
cve

CVE-2016-8769

Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable file....

6.7 CVSS

6.6 AI Score

0.001 EPSS

2017-11-15 12:00 AM
33
malwarebytes

Wyze cameras show the wrong feeds to customers. Again.

Last September, we wrote an article about how Wyze home cameras temporarily showed other people’s security feeds. As far as home cameras go, we said this is absolutely up there at the top of the “things you don’t want to happen” list. Turning your customers into Peeping Tom against their will and.....

7.4 AI Score

2024-02-20 01:27 PM
6
cnvd

Command Execution Vulnerability in Green Alliance WAF of Beijing Shenzhou Green Alliance Technology Co. Ltd (CNVD-2024-07088)

Beijing Shenzhou Green Alliance Technology Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application services. The company's Green Alliance WAF has a command execution vulnerability that can be exploited by attackers to execute arbitrary...

7.9 AI Score

2024-01-03 12:00 AM
69
schneier

How Public AI Can Strengthen Democracy

With the world's focus turning to misinformation, manipulation, and outright propaganda ahead of the 2024 U.S. presidential election, we know that democracy has an AI problem. But we're learning that AI has a democracy problem, too. Both challenges must be addressed for the sake of democratic...

6.9 AI Score

2024-03-07 12:00 PM
10
prion

Code injection

An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access...

5.4 CVSS

7.1 AI Score

0.0004 EPSS

2024-01-24 10:15 AM
4
cnvd

SQL Injection Vulnerability in Data Leakage Protection (DLP) System of Beijing Yisetong Technology Development Co., Ltd (CNVD-2024-05880)

Data Leakage Protection (DLP) system is aimed at serving enterprises and institutions for data asset grooming and data security protection. Data Leakage Protection (DLP) system of Beijing Yisetong Technology Development Co., Ltd. has a SQL injection vulnerability, which can be exploited by...

7.8 AI Score

2023-12-22 12:00 AM
8
malwarebytes

Massive utility scam campaign spreads via online ads

For many households, energy costs represent a significant part of their overall budget. And when customers want to discuss their bills or look for ways to save money, scammers are just a phone call away. Enter the utility scam, where crooks pretend to be your utility company so they can threaten...

7 AI Score

2024-02-15 04:39 PM
12
cvelist

CVE-2023-7014

The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data...

5.3 CVSS

7.5 AI Score

0.001 EPSS

2024-02-05 09:21 PM
2
github

Malicious input can provoke XSS when preserving comments

Impact: There is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the preserveComments directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in....

6.1 CVSS

6 AI Score

0.0004 EPSS

2024-02-02 06:10 PM
6
wpvulndb

Author Box, Guest Author and Co-Authors for Your Posts – Molongui < 4.7.5 - Information Exposure via ma_debug

Description: The plugin is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data including post author emails and names if...

7.5 CVSS

6.5 AI Score

0.001 EPSS

2024-01-20 12:00 AM
3
jvn

JVN#35928117: Protection mechanism failure in RevoWorks

RevoWorks SCVX and RevoWorks Browser provided by J's Communication Co., Ltd. enable users to execute web browsers in the sandboxed environment isolated from the client's local environment. In the products, file exchange between the sandboxed environment and local environment is prohibited in...

6.9 AI Score

0.0004 EPSS

2024-02-29 12:00 AM
1
schneier

A Cyber Insurance Backstop

In the first week of January, the pharmaceutical giant Merck quietly settled its years-long lawsuit over whether or not its property and casualty insurers would cover a $700 million claim filed after the devastating NotPetya cyberattack in 2017. The malware ultimately infected more than 40,000 of.....

7.1 AI Score

2024-02-28 12:02 PM
7
openvas

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-2264)

The remote host is missing an update for the Huawei...

4.7 CVSS

6 AI Score

0.015 EPSS

2020-01-23 12:00 AM
18
openvas

Huawei EulerOS: Security Advisory for openssl1.1.0f (EulerOS-SA-2019-2254)

The remote host is missing an update for the Huawei...

4.7 CVSS

6 AI Score

0.015 EPSS

2020-01-23 12:00 AM
18
openvas

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2020-1274)

The remote host is missing an update for the Huawei...

4.7 CVSS

6 AI Score

0.015 EPSS

2020-03-19 12:00 AM
18
openvas

Huawei EulerOS: Security Advisory for openssl110h (EulerOS-SA-2019-2218)

The remote host is missing an update for the Huawei...

5.9 CVSS

6.5 AI Score

0.015 EPSS

2020-01-23 12:00 AM
26
cnvd

File Upload Vulnerability in Yonghong BI of Beijing Yonghong Business Intelligence Technology Co.

Beijing Yonghong Business Intelligence Technology Co., Ltd. is committed to providing global enterprises with big data technology products and services, relying on independent intellectual property rights of the one-stop big data platform to form a perfect product and service system, with...

7.4 AI Score

2023-11-20 12:00 AM
14
cve

CVE-2023-30559

The firmware update package for the wireless card is not properly signed and can be...

5.7 CVSS

5.7 AI Score

0.0004 EPSS

2023-07-13 06:15 PM
15
chrome

Stable Channel Update for ChromeOS / ChromeOS Flex

The Stable channel is being updated to OS version: 15699.58.0, Browser version: 121.0.6167.159 for most ChromeOS devices. If you find new issues, please let us know in one of the following ways: File a bug. Visit our ChromeOS communities. General: Chromebook Help Community. Beta Specific: ChromeOS Beta...

9.8 CVSS

7.7 AI Score

EPSS

2024-02-07 12:00 AM
23
cnvd

Command Injection Vulnerability in DIR-822+ V1.0.2 of AUO Electronic Equipment (Shanghai) Co.

DIR-822 is a wireless router from D-Link, a Chinese company. A command injection vulnerability exists in the AUO Electronic Devices (Shanghai) Co. DIR-822+ version V1.0.2, which stems from the SetStaticRouteSettings function failing to correctly filter constructor command special characters,...

9.8 CVSS

7.7 AI Score

0.001 EPSS

2024-01-16 12:00 AM
14
openvas

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-2216)

The remote host is missing an update for the Huawei...

4.7 CVSS

6.1 AI Score

0.015 EPSS

2020-01-23 12:00 AM
21
openvas

Huawei EulerOS: Security Advisory for compat-openssl10 (EulerOS-SA-2019-2098)

The remote host is missing an update for the Huawei...

4.7 CVSS

6.1 AI Score

0.015 EPSS

2020-01-23 12:00 AM
31
openvas

Huawei EulerOS: Security Advisory for openssl110f (EulerOS-SA-2019-2430)

The remote host is missing an update for the Huawei...

5.9 CVSS

6.6 AI Score

0.015 EPSS

2020-01-23 12:00 AM
17
nvd

CVE-2023-0839

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting. This issue affects inSCADA: before...

9.8 CVSS

9.6 AI Score

0.002 EPSS

2023-03-06 08:15 AM
cve

CVE-2023-0839

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting. This issue affects inSCADA: before...

9.8 CVSS

9.3 AI Score

0.002 EPSS

2023-03-06 08:15 AM
26
openvas

Huawei EulerOS: Security Advisory for compat-openssl10 (EulerOS-SA-2020-1061)

The remote host is missing an update for the Huawei...

4.7 CVSS

6.1 AI Score

0.015 EPSS

2020-01-23 12:00 AM
16
openvas

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2020-1221)

The remote host is missing an update for the Huawei...

4.7 CVSS

6.1 AI Score

0.015 EPSS

2020-03-13 12:00 AM
25
openvas

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-2464)

The remote host is missing an update for the Huawei...

4.7 CVSS

6.1 AI Score

0.015 EPSS

2020-01-23 12:00 AM
24
nessus

openSUSE Security Update : the Linux Kernel (openSUSE-2020-801)

The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which...

7.8 CVSS

8.6 AI Score

0.008 EPSS

2020-07-20 12:00 AM
31
openvas

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2020-1063)

The remote host is missing an update for the Huawei...

5.3 CVSS

6.2 AI Score

0.015 EPSS

2020-01-23 12:00 AM
25
openvas

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-2097)

The remote host is missing an update for the Huawei...

5.3 CVSS

6.2 AI Score

0.015 EPSS

2020-01-23 12:00 AM
14
nessus

SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2020:3373-1)

This update for ucode-intel fixes the following issues: Updated Intel CPU Microcode to 20201110 official release. CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446) CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) CVE-2020-8696:...

5.5 CVSS

6.5 AI Score

0.0005 EPSS

2020-12-09 12:00 AM
10
nessus

SUSE SLES12 Security Update : ucode-intel (SUSE-SU-2020:3457-1)

This update for ucode-intel fixes the following issues: Updated Intel CPU Microcode to 20201110 official release. CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) INTEL-SA-00389 (bsc#1170446) CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) ...

5.5 CVSS

6.5 AI Score

0.0005 EPSS

2020-12-09 12:00 AM
22
nessus

SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2020:3372-1)

This update for ucode-intel fixes the following issues: Updated Intel CPU Microcode to 20201110 official release. CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446) CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) CVE-2020-8696:...

5.5 CVSS

6.5 AI Score

0.0005 EPSS

2020-12-09 12:00 AM
21
nessus

SUSE SLES12 Security Update : ucode-intel (SUSE-SU-2020:3514-1)

This update for ucode-intel fixes the following issues: Updated Intel CPU Microcode to 20201118 official release. (bsc#1178971) Removed TGL/06-8c-01/80 due to functional issues with some OEM platforms. CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) INTEL-SA-00389...

5.5 CVSS

6.5 AI Score

0.0005 EPSS

2020-12-09 12:00 AM
16
openvas

Huawei EulerOS: Security Advisory for nettle (EulerOS-SA-2016-1061)

The remote host is missing an update for the Huawei...

7.5 CVSS

8.8 AI Score

0.009 EPSS

2020-01-23 12:00 AM
8
openvas

Debian: Security Advisory (DLA-1932-1)

The remote host is missing an update for the...

4.7 CVSS

6.1 AI Score

0.015 EPSS

2019-09-26 12:00 AM
13
cve

CVE-2023-40653

In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges...

6.7 CVSS

6.7 AI Score

0.0004 EPSS

2023-10-08 04:15 AM
18
cnvd

Command Execution Vulnerability in Electronic Document Security Management System of Beijing Yisaitong Technology Development Co., Ltd (CNVD-2024-0601836)

Beijing Yisaitong Science and Technology Development Limited Liability Company is a company whose business scope includes general items: technical services, technology development, technology consulting, technology exchanges, technology transfer and so on. There is a command execution...

7.6 AI Score

2023-12-27 12:00 AM
3
thn

Ex-Google Engineer Arrested for Stealing AI Technology Secrets for China

The U.S. Department of Justice (DoJ) announced the indictment of a 38-year-old Chinese national and a California resident for allegedly stealing proprietary information from Google while covertly working for two China-based tech companies. Linwei Ding (aka Leon Ding), a former Google engineer who.....

6.8 AI Score

2024-03-07 10:19 AM
16
openvas

SUSE: Security Advisory (SUSE-SU-2021:1929-1)

The remote host is missing an update for...

8.8 CVSS

8.4 AI Score

0.001 EPSS

2021-06-11 12:00 AM
2
openvas

SUSE: Security Advisory (SUSE-SU-2020:3373-1)

The remote host is missing an update for...

5.5 CVSS

6.2 AI Score

0.0005 EPSS

2021-06-09 12:00 AM
3
openvas

SUSE: Security Advisory (SUSE-SU-2021:1932-1)

The remote host is missing an update for...

8.8 CVSS

8.4 AI Score

0.001 EPSS

2021-06-11 12:00 AM
2
openvas

SUSE: Security Advisory (SUSE-SU-2020:3457-1)

The remote host is missing an update for...

5.5 CVSS

6.2 AI Score

0.0005 EPSS

2021-04-19 12:00 AM
3
openbugbounty

talent500.co Cross Site Scripting vulnerability OBB-3757667

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-10-21 06:41 AM
10
openvas

SUSE: Security Advisory (SUSE-SU-2021:1933-1)

The remote host is missing an update for...

8.8 CVSS

8.4 AI Score

0.001 EPSS

2021-06-11 12:00 AM
2
openvas

SUSE: Security Advisory (SUSE-SU-2020:14546-1)

The remote host is missing an update for...

5.5 CVSS

6.2 AI Score

0.0005 EPSS

2021-06-09 12:00 AM
3
openvas

SUSE: Security Advisory (SUSE-SU-2020:3372-1)

The remote host is missing an update for...

5.5 CVSS

6.2 AI Score

0.0005 EPSS

2021-06-09 12:00 AM
2

Total number of security vulnerabilities: 10933