Aggregator

A vulnerability classified as problematic has been found in Cisco Desk Phone 9800, IP Phone 7800, IP Phone 8800 and Video Phone 8875. This affects an unknown part of the component Session Initiation Protocol Handler. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-20445. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Idera Uptime Infrastructure Monitor 7.4. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2015-2895. The attack may be initiated remotely. There is no exploit available.

《终端计算机通用安全技术规范》等3项网络安全国家标准获批发布；施耐德电气开发平台遭入侵，40GB敏感数据恐遭泄露 | 牛览 日期：2024年11月

供应链安全案例研究 | 金融行业安全开发场景的供应链安全建设 日期：2024年11月06日 阅：95

A vulnerability was found in Linux Kernel up to 6.1.58/6.5.7 and classified as critical. Affected by this issue is the function pctrl->gpio_bank of the component wpcm450. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2023-52512. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Google Android. Affected is the function plugin_extern_func. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-27235. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Linux Kernel up to 5.4.123/5.10.41/5.12.8 and classified as critical. Affected by this issue is some unknown functionality of the component ad7124. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2021-47172. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.6.17/6.7.5. This issue affects the function stmmac_xmit. The manipulation leads to deserialization. The identification of this vulnerability is CVE-2024-26690. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Canonical Pebble up to 1.10.1. It has been classified as problematic. This affects an unknown part of the component Read-File API. The manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2024-3250. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

Building positive relationships, sharing knowledge effectively, and making security "cool" are some of the most worthwhile security pursuits.

The post Security Culture: The Best Tool Money Can’t Buy appeared first on Security Boulevard.

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

内有福利，再送40个账号注册码或300论坛币，吾爱破解论坛开放注册时间：2024年11月11日 12：00 -- 14：00 和 20：00 -- 22：00，赶紧上好闹钟顺便告诉小伙伴吧。

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 4.8.13. This affects the function sock_setsockopt of the file net/core/sock.c. The manipulation of the argument sk_sndbuf/sk_rcvbuf leads to memory corruption. This vulnerability is uniquely identified as CVE-2016-9793. An attack has to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A new report by the former SafeBreach researcher Alon Leviev is raising alarms about the risks posed by downgrade attacks on Microsoft Windows. In a blog post, Leviev, who now works for Microsoft, explained that his latest bypass could allow a malicious actor to load unsigned kernel drivers on a fully patched Windows system. Those could then be used to disable security features, deploy and disguise malicious code and processes, and so on. 

The post Downgrade attacks open patched systems to malware appeared first on Security Boulevard.

A Threat Actor Has Allegedly Leaked Data of Saudi Journalists Association

A vulnerability was found in Cisco Unified Communications Manager IM and Presence Service. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-20457. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in MonoCMS up to 20240528. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /monofiles/opensaved.php of the component Posts Page. The manipulation of the argument filtcategory/filtstatus leads to cross site scripting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2024-10928. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in MonoCMS up to 20240528. It has been classified as problematic. Affected is an unknown function of the file /monofiles/account.php of the component Account Information Page. The manipulation of the argument userid leads to cross site scripting. This vulnerability is traded as CVE-2024-10927. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

“De grootste overwinning van de EOD is de explosie die nooit plaatsvond. Met iedere onschadelijke bom geven jullie ons een wereld die weer een beetje veiliger is.” Het waren de woorden van Commandant der Strijdkrachten generaal Onno Eichelsheim. Hij richtte ze tot de aanwezigen bij het 80-jarig jubileum van de Explosieven Opruimingsdienst Defensie (EOD) in Soesterberg.

A Threat Actor is Allegedly Selling the Data of Erth