Yan&Co Security Vulnerabilities

CVE-2022-38675

In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in...

CVE-2022-42769

In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan...

CVE-2022-42761

In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan...

CVE-2022-42762

In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan...

CVE-2022-42755

In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan...

Command Execution Vulnerability in Black Shield Network Security Audit System of Fujian Strait Information Technology Co. Ltd (CNVD-2023-81307)

Fujian Strait Information Technology Co., Ltd. is one of the earliest companies in China specializing in independent research and development of network security, product sales and security services. A command execution vulnerability exists in the BlackShield Network Security Audit System of...

CVE-2022-44427

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

CVE-2022-44431

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

CVE-2022-42782

In wlan driver, there is a possible missing permission check, This could lead to local information...

CVE-2022-42781

In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan...

CVE-2022-42779

In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan...

CVE-2022-42773

In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan...

CVE-2022-42763

In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan...

CVE-2022-44429

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

CVE-2022-44430

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

CVE-2022-44421

In wlan driver, there is a possible missing permission check. This could lead to local In wlan driver, information...

CVE-2022-44426

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan...

CVE-2022-42772

In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan...

CVE-2022-42767

In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan...

CVE-2022-42764

In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan...

CVE-2022-42760

In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan...

CVE-2022-42757

In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan...

CVE-2022-39133

In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan...

Who’s Behind the SWAT USA Reshipping Service?

Last week, KrebsOnSecurity broke the news that one of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. In today's Part II, we'll examine clues about the real-life identity of "Fearlless,"....

CVE-2022-42765

In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan...

openSUSE: Security Advisory for java-1_8_0-openjdk (openSUSE-SU-2016:0270-1)

The remote host is missing an update for...

Russian Hackers Linked to 'Largest Ever Cyber Attack' on Danish Critical Infrastructure

Russian threat actors have been possibly linked to what's been described as the "largest cyber attack against Danish critical infrastructure," in which 22 companies associated with the operation of the country's energy sector were targeted in May 2023. "22 simultaneous, successful cyberattacks...

Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers

Publicly-accessible Docker Engine API instances are being targeted by threat actors as part of a campaign designed to co-opt the machines into a distributed denial-of-service (DDoS) botnet dubbed OracleIV. "Attackers are exploiting this misconfiguration to deliver a malicious Docker container,...

[SECURITY] Fedora 37 Update: libvpx-1.12.0-4.fc37

libvpx provides the VP8/VP9 SDK, which allows you to integrate your applicati ons with the VP8 and VP9 video codecs, high quality, royalty free, open source co decs deployed on millions of computers and devices...

[SECURITY] Fedora 38 Update: mvfst-2023.10.16.00-1.fc38

mvfst (Pronounced move fast) is a client and server implementation of IETF QU IC protocol in C++ by Facebook. QUIC is a UDP based reliable, multiplexed transp ort protocol that will become an internet standard. The goal of mvfst is to build a performant implementation of the QUIC transport...

[SECURITY] Fedora 37 Update: mvfst-2023.10.16.00-1.fc37

mvfst (Pronounced move fast) is a client and server implementation of IETF QU IC protocol in C++ by Facebook. QUIC is a UDP based reliable, multiplexed transp ort protocol that will become an internet standard. The goal of mvfst is to build a performant implementation of the QUIC transport...

openSUSE: Security Advisory for kernel (openSUSE-SU-2018:2118-1)

The remote host is missing an update for...

Weak Password Vulnerability in Marcum Database Auditing System of Shenzhen Marcum Technology Co.

Marcum Database Security Audit System mainly realizes visualized monitoring, analysis and summarization of users' access to database operation behaviors, providing users with electronic evidence for tracing back the root cause of accidents, and at the same time, providing efficient querying of...

Microsoft shares threat intelligence at CYBERWARCON 2023

At the CYBERWARCON 2023 conference, Microsoft and LinkedIn analysts are presenting several sessions detailing analysis across multiple sets of threat actors and related activity. This blog is intended to summarize the content of the research covered in these presentations and demonstrates...

Microsoft shares threat intelligence at CYBERWARCON 2023

At the CYBERWARCON 2023 conference, Microsoft and LinkedIn analysts are presenting several sessions detailing analysis across multiple sets of threat actors and related activity. This blog is intended to summarize the content of the research covered in these presentations and demonstrates...

Chinese Hackers Launch Covert Espionage Attacks on 24 Cambodian Organizations

Cybersecurity researchers have discovered what they say is malicious cyber activity orchestrated by two prominent Chinese nation-state hacking groups targeting 24 Cambodian government organizations. "This activity is believed to be part of a long-term espionage campaign," Palo Alto Networks Unit...

JVN#29195731: EC-CUBE 3 series and 4 series vulnerable to arbitrary code execution

EC-CUBE 3 series and 4 series provided by EC-CUBE CO.,LTD. contain an arbitrary code execution vulnerability (CWE-94) due to improper settings of the product's template engine "Twig". ## Impact Arbitrary code may be executed on the server where the product is running by a user with an...

LiveNVR of Anhui Green Persimmon Information Technology Co.

LiveNVR is a streaming media server software solution. Anhui Green Persimmon Information Technology Co., Ltd LiveNVR has an information leakage vulnerability that can be exploited by attackers to obtain sensitive...

Unauthorized Access Vulnerability in LiveQing of Anhui Green Persimmon Information Technology Co.

LiveQing Aoki video streaming service solution. An unauthorized access vulnerability exists in LiveQing of Anhui Green Persimmon Information Technology Co. Ltd, which can be exploited by attackers to obtain sensitive...

Unauthorized Access Vulnerability in LiveSMS of Anhui Green Persimmon Information Technology Co.

Anhui Green Persimmon Information Technology Co., Ltd. is a company whose business scope includes: computer software and hardware development and sales, technical services, technical consulting, technology transfer; web page design; Internet information services and so on. There is an unauthorized....

Unauthorized Access Vulnerability in LiveNVS of Anhui Green Persimmon Information Technology Co.

LiveNVS is a solution dedicated to centralized management of LiveNVRs.... Anhui Green Persimmon Information Technology Co. LiveNVS has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive...

Starting your journey to become quantum-safe

There’s no doubt we are living through a time of rapid technological change. Advances in ubiquitous computing and ambient intelligence transform nearly every aspect of work and life. As the world moves forward with new advancements and distributed technologies, so too does the need to understand...

Starting your journey to become quantum-safe

There’s no doubt we are living through a time of rapid technological change. Advances in ubiquitous computing and ambient intelligence transform nearly every aspect of work and life. As the world moves forward with new advancements and distributed technologies, so too does the need to understand...

CVE-2023-30563

A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked...

CVE-2023-30565

An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an...

CVE-2023-30564

Alaris Systems Manager does not perform input validation during the Device Import...

Logic flaw vulnerability in LiveGBS of Anhui Green Persimmon Information Technology Co., Ltd (CNVD-2023-78383)

LiveGBS is a national standard (GB28181) streaming media service software , can provide to provide user management and Web visualization page management , open source front-end page source code ; to provide device status management , you can real-time view of whether the device is offline and...

Logic flaw vulnerability in LiveGBS of Anhui Green Persimmon Information Technology Co., Ltd (CNVD-2023-78381)

LiveGBS is a national standard (GB28181) streaming media service software , can provide to provide user management and Web visualization page management , open source front-end page source code ; to provide device status management , you can real-time view of whether the device is offline and...

Anhui Green Persimmon Information Technology Co., Ltd. has a logic flaw vulnerability in LiveQing (CNVD-2023-78411)

LiveQing Aoki video streaming service solution. Anhui Green Persimmon Information Technology Co., Ltd LiveQing has a logic flaw vulnerability that can be exploited by attackers to add arbitrary...

[SECURITY] [DLA 3624-1] zookeeper security update

Debian LTS Advisory DLA-3624-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb October 20, 2023 https://wiki.debian.org/LTS Package : zookeeper Version : 3.4.13-2+deb10u1 CVE ID ...