Aggregator

CVE-2021-47190 | Linux Kernel up to 5.4.161/5.10.81/5.15.4 bpf perf_env__insert_btf memory leak (Nessus ID 239742)

Vuldb Updates
1 month 3 weeks ago
A vulnerability was found in Linux Kernel up to 5.4.161/5.10.81/5.15.4. It has been rated as critical. Affected by this issue is the function perf_env__insert_btf of the component bpf. The manipulation leads to memory leak. This vulnerability is handled as CVE-2021-47190. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2021-47508 | Linux Kernel up to 5.15.7 Direct IO Write brtfs_qgroup_reserve_data allocation of resources (ca06c5cb1b6d/da5e817d9d75 / Nessus ID 239742)

Vuldb Updates
1 month 3 weeks ago
A vulnerability was found in Linux Kernel up to 5.15.7. It has been classified as problematic. Affected is the function brtfs_qgroup_reserve_data of the component Direct IO Write Handler. The manipulation leads to allocation of resources. This vulnerability is traded as CVE-2021-47508. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2021-47499 | Linux Kernel up to 5.15.7 accel iio_triggered_buffer_setup memory leak (Nessus ID 239742)

Vuldb Updates
1 month 3 weeks ago
A vulnerability was found in Linux Kernel up to 5.15.7. It has been rated as critical. This issue affects the function iio_triggered_buffer_setup of the component accel. The manipulation leads to memory leak. The identification of this vulnerability is CVE-2021-47499. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2022-3111 | Linux Kernel up to 5.16-rc6 wm8350_power.c free_charger_irq null pointer dereference (Nessus ID 239742)

Vuldb Updates
1 month 3 weeks ago
A vulnerability was found in Linux Kernel up to 5.16-rc6. It has been rated as problematic. This issue affects the function free_charger_irq of the file drivers/power/supply/wm8350_power.c. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2022-3111. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2021-47572 | Linux Kernel up to 5.4.162/5.10.82/5.15.5 nexthop nh_create_ipv6 null pointer dereference (Nessus ID 239742)

Vuldb Updates
1 month 3 weeks ago
A vulnerability was found in Linux Kernel up to 5.4.162/5.10.82/5.15.5. It has been declared as critical. Affected by this vulnerability is the function nh_create_ipv6 of the component nexthop. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2021-47572. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2021-47547 | Linux Kernel up to 5.15.6 tulip out-of-bounds (Nessus ID 239742)

Vuldb Updates
1 month 3 weeks ago
A vulnerability was found in Linux Kernel up to 5.15.6 and classified as problematic. This issue affects some unknown processing of the component tulip. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2021-47547. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2022-48688 | Linux Kernel up to 4.19.257/5.4.212/5.10.142/5.15.67/5.19.8 i40e_client_subtask null pointer dereference (Nessus ID 239742)

Vuldb Updates
1 month 3 weeks ago
A vulnerability classified as critical was found in Linux Kernel up to 4.19.257/5.4.212/5.10.142/5.15.67/5.19.8. This vulnerability affects the function i40e_client_subtask. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2022-48688. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-5121 | GitLab Community Edition/Enterprise Edition up to 17.11.3/18.0.1 authorization (Issue 545429 / Nessus ID 240212)

Vuldb Updates
1 month 3 weeks ago
A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 17.11.3/18.0.1. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2025-5121. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-2443 | GitLab Enterprise Edition up to 17.9.6/17.10.4/17.11.0 Content Security Policy cross site scripting (Issue 525363 / Nessus ID 240213)

Vuldb Updates
1 month 3 weeks ago
A vulnerability has been found in GitLab Enterprise Edition up to 17.9.6/17.10.4/17.11.0 and classified as problematic. This vulnerability affects unknown code of the component Content Security Policy Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-2443. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

peeko: Browser-based XSS C2 for stealthy internal network exploration via infected browser

Penetration Testing Tools - Metepreter.org
1 month 3 weeks ago

peeko is a browser-based XSS-powered C2 (Command and Control) tool that leverages the victim’s browser as a stealthy proxy inside internal networks. Through an injected XSS payload, peeko establishes a WebSocket connection to a central...

The post peeko: Browser-based XSS C2 for stealthy internal network exploration via infected browser appeared first on Penetration Testing Tools.

ddos

Lynx

Dark Feed IO
1 month 3 weeks ago

You must login to view this content

cohenido

Court Ditches HIPAA Reproductive Health Info Privacy Rule

DataBreachToday.com
1 month 3 weeks ago
Ruling: HHS Has No Authority to Distinguish Different Types of PHI for Restrictions
A Texas federal court has vacated 2024 changes to the HIPAA Privacy Rule made by the Biden administration to shield reproductive healthcare information from law enforcement. The court's ruling could potentially make it easier for state investigators to obtain information about abortions and gender treatments.

Aflac: 'Cybercrime Campaign' Is Targeting Insurance Industry

DataBreachToday.com
1 month 3 weeks ago
Experts Suspect Scattered Spider Is Behind Rash of Recent Insurer Breaches
Aflac is the latest insurance company dealing with a cyberattack. The company is investigating a cyber incident that did not involve ransomware encryption of its IT systems, but did potentially compromise data. Experts suspect Scattered Spider is behind the recent rash of insurance incidents.

AdaCore Merges With CodeSecure for Unified Developer Tools

DataBreachToday.com
1 month 3 weeks ago
Merger Strengthens AdaCore’s Reach in C and C++ Static Testing for Embedded Systems
The merger between New York-based AdaCore and Washington D.C.-area CodeSecure fills a strategic gap in static analysis for C and C++ programming, giving embedded software developers a more complete suite of security and safety verification tools in high-stakes industries.

ISMG Editors: Anubis Ransomware's Puzzling New Tactic

DataBreachToday.com
1 month 3 weeks ago
Also: CISA's Leadership Crisis; Why AI's Confident Errors Demand Urgent Oversight
In this week's update, four editors with ISMG discussed Anubis ransomware's puzzling shift to data wiping malware, the leadership vacuum and budget uncertainty at CISA and growing concerns about how artificial intelligence tools are making confident mistakes that demand human oversight.

Managed ad