Aggregator

A vulnerability described as problematic has been identified in Google Chrome. This vulnerability affects unknown code of the component HTTPS Handler. Such manipulation leads to information disclosure (HEIST). This vulnerability is uniquely identified as CVE-2016-7152. The attack can be launched remotely. No exploit exists. This vulnerability is historically impactful due to its background and the reception it garnered. It is suggested to apply the recommended workaround.

A vulnerability classified as problematic has been found in Microsoft Internet Explorer. This issue affects some unknown processing of the component HTTPS Handler. Performing manipulation results in information disclosure (HEIST). This vulnerability was named CVE-2016-7152. The attack may be initiated remotely. There is no available exploit. This vulnerability is historically significant due to its background and the way it was received. The suggested workaround should be applied.

A vulnerability, which was classified as critical, was found in Ruby. The impacted element is the function Psych::Emitter of the component Tags Array Length Handler. Executing manipulation can lead to heap-based buffer overflow. This vulnerability is tracked as CVE-2016-2338. The attack can be launched remotely. No exploit exists.

A vulnerability was found in Moodle up to 3.5.16/3.8.7/3.9.4/3.10.1. It has been declared as problematic. Affected by this issue is some unknown functionality of the component Verification Handler. The manipulation results in incorrect authorization. This vulnerability is reported as CVE-2021-20282. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in Samba up to 4.13.15. It has been rated as critical. Affected by this issue is some unknown functionality of the component SMB1/NFS. This manipulation causes improper access controls. This vulnerability is registered as CVE-2021-43566. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Moodle up to 3.5.16/3.8.7/3.9.4/3.10.1. It has been rated as critical. This affects an unknown part of the component Web Service. This manipulation causes incorrect authorization. This vulnerability appears as CVE-2021-20283. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability categorized as problematic has been discovered in libpng 1.6.37. This vulnerability affects the function png_malloc_warn/png_create_info_struct. The manipulation results in missing release of resource. This vulnerability is identified as CVE-2019-17371. The attack can be executed remotely. There is not any exploit available.

A critical security vulnerability has been discovered in Progress OpenEdge, a platform for developing and deploying business applications. The flaw, identified as CVE-2025-7388, allows for remote code execution (RCE) and affects multiple versions of the software, potentially enabling attackers to execute arbitrary commands with elevated system privileges. The vulnerability resides in the AdminServer component of […]

The post Progress OpenEdge AdminServer Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.

Indian cybersecurity researchers claimed Kazakhstan's state-owned oil company had been hacked by a Russian-speaking operation. It was all just a pentest, though, the company said.

Компания запретила доступ к ИИ компаниям из авторитарных стран

via the comic artistry and dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Cesium’ appeared first on Security Boulevard.

A severe vulnerability in Windows Defender’s update process allows attackers with administrator privileges to disable the security service and manipulate its core files. The technique, which leverages a flaw in how Defender selects its execution folder, can be carried out using tools already available on the Windows operating system. The vulnerability was detailed by Zero […]

The post Windows Defender Vulnerability Allows Service Hijacking and Disablement via Symbolic Link Attack appeared first on Cyber Security News.

As some observers predicted, Democratic commissioners are racking up lower court victories, but the highest court in the country appears skeptical.

The post Supreme Court blocks FTC commissioner Slaughter’s reinstatement appeared first on CyberScoop.

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after compromising a maintainer's account in a phishing attack. [...]

Aikido Security flagged the largest npm attack ever recorded, with 18 packages like chalk, debug, and ansi-styles hacked…

A vulnerability labeled as problematic has been found in ViewVC up to 1.1.27/1.2.0. This impacts an unknown function of the component CVS show_subdir_lastmod. Executing manipulation can lead to basic cross site scripting. This vulnerability is tracked as CVE-2020-5283. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability classified as critical was found in Moodle 3.5.0/3.5.1/3.5.2/3.5.3. Affected by this issue is some unknown functionality. Executing manipulation can lead to server-side request forgery. The identification of this vulnerability is CVE-2019-6970. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in libming 0.4.8. The affected element is the function writePNG of the file util/dbl2png.c. The manipulation results in out-of-bounds read. This vulnerability is known as CVE-2019-3572. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in Helm up to 3.5.1. It has been classified as problematic. Affected by this issue is some unknown functionality. Performing manipulation of the argument Version results in injection. This vulnerability is known as CVE-2021-21303. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.