Aggregator

CVE-2023-32210 | Mozilla Firefox up to 112 Object Ordering access control (Bug 1776755 / Nessus ID 250188)

Vuldb Updates
4 weeks ago
A vulnerability, which was classified as critical, has been found in Mozilla Firefox up to 112. This vulnerability affects unknown code of the component Object Ordering Handler. The manipulation leads to improper access controls. This vulnerability was named CVE-2023-32210. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2020-6796 | Mozilla Firefox Crash Reporting out-of-bounds write (USN-4278-2 / Nessus ID 250191)

Vuldb Updates
4 weeks ago
A vulnerability was found in Mozilla Firefox. It has been classified as critical. This vulnerability affects unknown code of the component Crash Reporting. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2020-6796. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2022-50041 | Linux Kernel prior 5.19.4 ice ice_vf_lib.c state issue (Nessus ID 250192 / WID-SEC-2025-1350)

Vuldb Updates
4 weeks ago
A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 1bb8253b1dd44cf004e12c333acc6f25ee286cf3/5.19.3. This vulnerability affects unknown code in the library drivers/net/ethernet/intel/ice/ice_vf_lib.c of the component ice. The manipulation leads to state issue. This vulnerability was named CVE-2022-50041. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2021-46947 | Linux Kernel up to 5.12.2 sfc num_possible_cpus null pointer dereference (ebeac958b690/99ba0ea616aa / Nessus ID 250194)

Vuldb Updates
4 weeks ago
A vulnerability classified as critical was found in Linux Kernel up to 5.12.2. This affects the function num_possible_cpus of the component sfc. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2021-46947. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Security Affairs newsletter Round 537 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs
4 weeks ago
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Man-in-the-Prompt: The invisible attack threatening ChatGPT and other AI systems EncryptHub abuses Brave Support in new […]
Pierluigi Paganini

INC

Dark Feed IO
4 weeks ago

You must login to view this content

cohenido

Beyond good ol’ Run key, Part 150

不安全
4 weeks ago
文章介绍了Windows Server 2022和2025中的servercoreshell.exe程序及其功能。该程序访问多个注册表项以执行初始化任务,并允许通过修改注册表或批处理文件来自定义启动行为。然而,配置不当可能导致程序无限循环启动。此外,该程序与Windows的Shell Launcher功能相关联,用于替换默认shell以实现定制化用户界面。

Java 反序列化:Apache Commons Collections CC2 利用链深度解析

先知技术社区
4 weeks ago
commons-collections 4.0Apache Commons Collections 4.0 是官方针对旧版(commons-collections)的结构性缺陷和 API 设计问题推出的独立进化版本。它常常被作为一个新的包,且与旧版commons-collections的命名空间并不冲突,可以共存在同一个项目中。环境搭建jdk 8u71commons-collections-4.0

Why Signalgate Matters

Security Boulevard
4 weeks ago

I found this in my files. I no doubt intended to publish it months ago and forgot to finish it and press the button. Senior government officials traditionally restrict defense-related conversations to special locations to prevent eavesdropping. The most secret conversations occur in places like the White House Situation Room or protected command centers in […]

The post Why Signalgate Matters appeared first on Security Boulevard.

Rick

Weekly Update 465

Troy Hunt
4 weeks ago

How much tech stuff do I have sitting there in progress, literally just within arm's reach? I kick off this week's video going through it, and it's kinda nuts. Doing runeos and house build doesn't help, but it means there's

Troy Hunt

Managed ad