Aggregator

A vulnerability was found in Tenda AC15 15.03.05.19. It has been declared as critical. This vulnerability affects the function formSetQosBand of the file /goform/SetNetControlList. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2022-40860. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability classified as critical has been found in Tenda AC15 and AC18 15.03.05.19. Affected is the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2022-40862. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability classified as critical was found in Tenda AC15 and AC18 15.03.05.19. Affected by this vulnerability is the function setSmartPowerManagement of the file /goform/PowerSaveSet. The manipulation leads to stack-based buffer overflow. This vulnerability is known as CVE-2022-40864. Access to the local network is required for this attack. There is no exploit available. During the analysis of our data team we suspected a duplicate CVE assignment as CVE-2024-30613.

A vulnerability was found in UI Desktop up to 0.55.1.2 on Windows. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2022-35257. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Dovecot up to 1.2.10. It has been classified as problematic. This affects an unknown part. The manipulation leads to improper resource management. This vulnerability is uniquely identified as CVE-2010-0745. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in ProFTPD up to 1.3.2. It has been classified as problematic. Affected is the function pr_data_xfer. The manipulation leads to improper resource management. This vulnerability is traded as CVE-2008-7265. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Samba up to 3.2.6. Affected by this vulnerability is an unknown functionality of the component Filesystem. The manipulation leads to improper input validation. This vulnerability is known as CVE-2009-0022. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in NTP up to 4.2.4p4. Affected by this issue is the function EVP_VerifyFinal. The manipulation leads to improper authentication. This vulnerability is handled as CVE-2009-0021. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel 2.6.28. It has been classified as problematic. Affected is the function vmx_set_msr. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2009-1242. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function. The manipulation leads to race condition. This vulnerability is traded as CVE-2009-1961. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Apple CUPS 2008.0. This affects an unknown part. The manipulation leads to link following. This vulnerability is uniquely identified as CVE-2009-0032. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Todd Miller sudo 1.6.9 P17/1.6.9 P18/1.6.9 P19. It has been rated as critical. Affected by this issue is some unknown functionality of the file parse.c of the component Authorization. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2009-0034. An attack has to be approached locally. There is no exploit available.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Samsung MagicINFO 9 Server vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Samsung MagicINFO 9 Server vulnerability, tracked as CVE-2025-4632 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is an improper limitation of a pathname […]

Coca-Cola and its bottling partner CCEP targeted in separate cyber incidents, with the Everest ransomware gang and the Gehenna hacking group claiming data breaches involving sensitive employee and CRM data.

说起安全SDK，算是研发安全团队想要冲击的一块高地，恰好我们团队在前两年也做了一些尝试，但结果不尽如人意。 事后我也分析了一下失败的原因，主要还是在“自然状态下，研发有自己的开发习惯，不信任、不想用其他（安全）人员提供的组件“。最初是作为CBB嵌入公司主流开发框架，同时从漏洞修复方面引导产品线使用，此外我们做了内部的技术分享、视频推广，当一切就绪后，却只有产线试用、没有在生产环境应用。 至此我又做了一些思考，如果要做起来、只能等待东风：公司做整体的技术架构管控或重构，然后趁机深度融入架构师或基础组件团队，要有研发团队托底，安全人员并不一定要写代码、输出设计思路和安全能力测试就行。 更多内容，可以访问： 1、SDL 100问 SDL100问：我与SDL的故事 SAST误报太高，如何解决？ SDL需要哪些人参与？ 软件安全领域有哪些成熟度模型？ 如何在隔离环境中修复大量的Java漏洞？ 如何处理扫描出的三方组件开源协议风险？ SDL 63/100问：SDL如何做成平台化以及价值？ 2、SDL创新实践 首发！“ 研发安全运营 ” 架构研究与实践 DevSecOps实施关键：研发安全团队 DevSecOps实施关键：研发安全流程 DevSecOps实施关键：研发安全规范 从安全视角，看研发安全 数字化转型下的研发安全痛点 一个思考：安全测试驱动产品安全？ 3、SDL最初实践 【SDL最初实践】开篇 【SDL最初实践】安全培训 【SDL最初实践】安全需求 【SDL最初实践】安全设计 【SDL最初实践】安全开发 【SDL最初实践】安全测试 【SDL最初实践】安全审核 【SDL最初实践】安全响应 4、软件供应链安全 软件供应商面临的攻防实战风险 软件供应商实战对抗十大安全举措 软件供应商攻防常规战之SDL 软件供应链投毒事件应急响应 浅谈企业级供应链投毒应急安全能力建设 5、安全运营实践 基于实践的安全事件简述 安全事件运营SOP：钓鱼邮件 安全事件运营SOP：网络攻击 安全事件运营SOP：蜜罐告警 安全事件运营SOP：webshell事件 安全事件运营SOP：接收漏洞事件 应急能力提升：实战应急困境与突破 应急能力提升：挖矿权限维持攻击模拟 应急能力提升：内网横向移动攻击模拟 应急能力提升：实战应急响应经验

A vulnerability classified as problematic was found in TablePress Plugin up to 3.1.2 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-5096. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in TP-Link Tapo App. Affected is an unknown function of the component Notification Handler. The manipulation leads to improper privilege management. This vulnerability is traded as CVE-2025-4975. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Ocuco Innovation SETTINGSVATIGATOR.EXE 2.10.24.51. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to Local Privilege Escalation. The identification of this vulnerability is CVE-2024-40462. Local access is required to approach this attack. There is no exploit available.

A vulnerability was found in Ocuco Innovation STOCKORDERENTRY.EXE 2.10.24.51. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to Local Privilege Escalation. This vulnerability was named CVE-2024-40461. An attack has to be approached locally. There is no exploit available.