Aggregator

A vulnerability was found in Mime_Viewer up to 2.2.3. It has been classified as problematic. This affects an unknown part in the library lib/Horde/Mime/Viewer/Ooo.php of the component OpenOffice Document Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2022-26874. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple watchOS up to 8.4.2 and classified as critical. This issue affects some unknown processing of the component libarchive. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2021-36976. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple macOS and classified as critical. Affected by this vulnerability is an unknown functionality of the component libarchive. The manipulation leads to memory corruption. This vulnerability is known as CVE-2021-36976. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in libmodbus 3.1.6. Affected is the function modbus_mapping_free. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2024-36843. The attack needs to be done within the local network. There is no exploit available.

How one unreasonable client got lucky during a cyber incident, despite their unreasonable response to the threat.

RSAC 2025 Conference is taking place at the Moscone Center in San Francisco. Help Net Security is on-site, and this gallery takes you inside the event. The first gallery is here. The featured vendors are: Tines, Thales, Sumo Logic, N-able, Google, ExtraHop, Cy4Data Labs, Swissbit, and Akamai.

The post Photos: RSAC 2025, part 2 appeared first on Help Net Security.

Submit #561890 / VDB-306810

Submit #561880 / VDB-306809

Submit #561888 / VDB-303269

Microsoft's David Weston describes the new feature as the most significant architectural Windows security change in a generation.

Submit #561886 / VDB-303165

Submit #561876 / VDB-306808

Submit #561872 / VDB-306341

Submit #561838 / VDB-306807

Submit #561849 / VDB-306806

Submit #561816 / VDB-306805

A vulnerability, which was classified as critical, has been found in Telestream Tektronix Medius and Sentry up to 10.7.4. This issue affects some unknown processing of the file index.php of the component Server Login Page. The manipulation of the argument page as part of Parameter leads to sql injection. The identification of this vulnerability is CVE-2020-8887. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.