Aggregator

A vulnerability described as critical has been identified in Linux Kernel up to 5.4.228/5.10.163/5.15.88/6.1.6. Affected by this vulnerability is the function pci_get_domain_bus_and_slot of the component ixgbe. The manipulation leads to improper update of reference count. This vulnerability is known as CVE-2022-48896. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

做漏洞扫描器的厂商，一般都具备安全基线检查的能力，见过很多DAST扫描工具都能做对应的检测。无非就是模版不同，具体根据不同的行业监管或等保要求而定。 在SDL中，想必绝大多数都会做DAST（主机漏洞扫描、web漏洞扫描、容器镜像漏洞扫描等），但是不一定会做安全基线配置核查。这主要是针对操作系统、数据库、中间件等PAAS层的服务，检查其历史漏洞、安全配置等情况，对于整个产品的安全性来说亦是根基。 此外在实战攻防中，已经遇到很多场景：比如通过打这些服务拿下产品。反之，做好安全基线则可以阻断攻击链，或有效提升攻击成功的难度。 -------------更多内容，请访问------------- 1、SDL 100问 SDL100问：我与SDL的故事 SAST误报太高，如何解决？ SDL需要哪些人参与？ 大家都有哪些SDL运营指标？ 业务系统是否可以带漏洞上线？ 日常的漏洞运营，也应该是SDL团队来做吗？ 关于开发安全BP，对开展SDL有哪些帮助？ SDL 83/100问：上传图片的API，除了常见web漏洞外，是否还会有风险？ 2、SDL创新实践 首发！“ 研发安全运营 ” 架构研究与实践 DevSecOps实施关键：研发安全团队 DevSecOps实施关键：研发安全流程 DevSecOps实施关键：研发安全规范 DevSecOps实施关键：研发安全工具 从安全视角，看研发安全 数字化转型下研发安全痛点 一个思考：安全测试驱动产品安全？ 3、SDL最初实践 【SDL最初实践】开篇 【SDL最初实践】安全培训 【SDL最初实践】安全需求 【SDL最初实践】安全设计 【SDL最初实践】安全开发 【SDL最初实践】安全测试 【SDL最初实践】安全审核 【SDL最初实践】安全响应 4、安全运营实践 基于实践的安全事件简述 安全事件运营SOP：钓鱼邮件 安全事件运营SOP：网络攻击 安全事件运营SOP：蜜罐告警 安全事件运营SOP：webshell事件 安全事件运营SOP：接收漏洞事件 应急能力提升：实战应急困境与突破 应急能力提升：挖矿权限维持攻击模拟

A vulnerability was found in edit-x ecommerce. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file edit_address.php. The manipulation of the argument include_dir leads to file inclusion. This vulnerability is known as CVE-2007-0190. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in JEx-Treme Einfacher Passworschutz. It has been declared as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument msg leads to basic cross site scripting. The identification of this vulnerability is CVE-2007-2013. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Umberto Caldera EasyMoblog 0.5.1 and classified as critical. Affected is an unknown function of the file add_comment.php of the component Libraries. The manipulation leads to sql injection. This vulnerability is traded as CVE-2007-0759. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability identified as problematic has been detected in Ecardmax.com Hot Editor 4.0. This vulnerability affects unknown code of the file richedit/keyboard.php. The manipulation of the argument first leads to path traversal. This vulnerability was named CVE-2007-1906. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in easyGB 2.1.1 and classified as problematic. This vulnerability affects unknown code of the file index.php. The manipulation of the argument DatabaseType leads to path traversal. This vulnerability was named CVE-2007-5890. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability identified as critical has been detected in Easy Banner Pro 2.8. Affected is an unknown function of the file info.php. The manipulation leads to file inclusion. This vulnerability is traded as CVE-2007-0178. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability categorized as problematic has been discovered in Linux Kernel up to 6.2.8. Affected by this vulnerability is the function nilfs_ioctl_wrap_copy in the library lib/usercopy.c of the component nilfs2. The manipulation of the argument nilfs_argv leads to uninitialized pointer. This vulnerability is known as CVE-2023-53035. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 5.4.210/5.10.136/5.15.60/5.18.17/5.19.1. This issue affects the function omapdss_find_dss_of_node of the component ARM. The manipulation leads to improper update of reference count. The identification of this vulnerability is CVE-2022-50199. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.10.141/5.15.65/5.19.7 and classified as problematic. Affected is the function usb_control_msg_recv of the file drivers/usb/core/urb.c of the component mceusb. The manipulation of the argument bRequestType leads to privilege escalation. This vulnerability is traded as CVE-2022-49937. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability marked as problematic has been reported in MediaWiki up to 1.34.0. This vulnerability affects unknown code of the component CSS Handler. The manipulation leads to escaping of output. This vulnerability was named CVE-2020-10960. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. This vulnerability was named CVE-2025-2925. The attack needs to be approached locally. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.0.11. Affected by this issue is the function afe4404_read_raw/afe4404_write_raw. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2022-49032. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Support Portals Offline as Ransomware Gang Claims It Stole Data
British-based multinational telecom Colt Technology Services said a "cyber incident" is responsible for days-long disruptions to its customer portal and support services. The WarLock ransomware operation took responsibility for the hack, asserting it stole "1 million documents."

Is Your Travel Organization Safeguarding Its Precious Data? With cybersecurity increasingly becomes a topic of concern in every industry, the travel sector isn’t exempted. The pressing question is, “Are your travel data secrets truly protected?” Despite the advancements in data security technology, loopholes exist. This is where concepts like Non-Human Identities (NHIs) and secrets security […]

The post Are Your Travel Data Secrets Truly Protected? appeared first on Entro.

The post Are Your Travel Data Secrets Truly Protected? appeared first on Security Boulevard.

Are Your Machine Identities Secure in the Cloud? More and more organizations are shifting their operations to the cloud. While this move optimizes business processes and enhances productivity, it also presents new challenges. One of the top concerns is the security of Non-Human Identities (NHIs), and managing them effectively is a critical aspect of robust […]

The post How Secure Are Your Machine Identities in the Cloud? appeared first on Entro.

The post How Secure Are Your Machine Identities in the Cloud? appeared first on Security Boulevard.

Can Non-Human Identity and Data Rights Solutions Revolutionize Your Cybersecurity Protocol? Non-Human Identities (NHIs) are proving to be fundamental. When data breaches escalate both in frequency and impact, a renewed focus has shifted towards robust security measures where NHIs and Secrets Security Management take center stage. NHI management has emerged as a crucial, yet underrepresented […]

The post Empowering SOC Teams with Advanced NHIDR Solutions appeared first on Entro.

The post Empowering SOC Teams with Advanced NHIDR Solutions appeared first on Security Boulevard.

A vulnerability was found in Linux Kernel up to 6.12.36/6.15.4/6.16-rc2. It has been rated as problematic. Affected by this issue is some unknown functionality of the component AMD Display. The manipulation leads to state issue. This vulnerability is handled as CVE-2025-38360. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.12.35/6.15.4/6.16-rc2. This affects the function dce_hwseq of the component AMD Display. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-38361. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.