Aggregator

A vulnerability was found in Linux Kernel up to 5.4.257/5.10.197/5.15.134/6.1.56/6.5.6. It has been classified as critical. This affects the function siw_cm_work_handler of the component RDMA. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2023-52513. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.5.7 and classified as problematic. Affected by this vulnerability is the function of_clk_add_provider of the component ca8210. The manipulation leads to use after free. This vulnerability is known as CVE-2023-52510. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

Microsoft has lifted a compatibility block preventing Windows 11 24H2 upgrades after fixing a bug causing USB connection issues to some scanners. [...]

Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017

Top 10 Web Design Security Best Practices to Follow in 2025

White House cyber office needs a clearer identity, says report aimed at Trump, Congress

deviceTRUST, Strong Network Acquisitions Improve Zero Trust, Developer Protections
Citrix enhances its security for hybrid work by acquiring deviceTRUST and Strong Network. Purchasing these European startups boosts protection for VDI, DaaS and cloud development, empowering organizations to enforce zero trust principles and reduce risks across their hybrid environments.

Report: Financial Orgs Shift to Multi-Cloud to Address Cyberthreats and Regulation
Financial institutions are increasingly adopting multi-cloud strategies to mitigate rising cyber risks and comply with complex regulations, according to a new report. Although the move enhances flexibility and disaster recovery, challenges remain, from implementation costs to a growing skills gap.

Druva CTO Stephen Manley on AI's Role in Modern Data Security
Historically, IT and security teams have operated in silos, creating gaps in knowledge and response. Gen AI bridges this gap through natural language interfaces, enabling better communication and understanding between departments, said Druva CTO Stephen Manley.

Publicly Traded Firm Discloses 'Material' Incident to US Federal Regulators
Fried dough lovers beware: doughnut juggernaut Krispy Kreme told U.S. federal regulators Wednesday it will have ongoing operational difficulties due to a cybersecurity incident. Shops are open and consumers can place orders in person. Online ordering in some parts of the United States is down.

Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia

A vulnerability was found in Oracle Communications Evolved Communications Application Server 7.1. It has been rated as very critical. This issue affects some unknown processing of the component SDP/SCF/URD. The manipulation leads to improper input validation. The identification of this vulnerability is CVE-2019-16943. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in FasterXML jackson-databind up to 2.9.10. This vulnerability affects unknown code of the component JSON Endpoint. The manipulation leads to improper input validation. This vulnerability was named CVE-2019-16943. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as very critical was found in Oracle JD Edwards EnterpriseOne Orchestrator 9.2. Affected by this vulnerability is an unknown functionality of the component E1 IOT Orchestrator Security. The manipulation leads to improper input validation. This vulnerability is known as CVE-2019-16943. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as very critical, was found in Oracle JD Edwards EnterpriseOne Tools 9.2. This affects an unknown part of the component Monitoring/Diagnostics SEC. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2019-16943. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as very critical, was found in Oracle Communications Calendar Server 8.0.0.2.0/8.0.0.3.0. Affected is an unknown function of the component Administration. The manipulation leads to improper input validation. This vulnerability is traded as CVE-2019-16943. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as very critical, has been found in Oracle Hospitality Guest Access 4.2.0/4.2.1. Affected by this issue is some unknown functionality of the component Base. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2020-1938. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as very critical, was found in Oracle MySQL Enterprise Monitor up to 4.0.12/8.0.20. Affected is an unknown function of the component General. The manipulation leads to improper input validation. This vulnerability is traded as CVE-2020-1938. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as very critical, was found in Oracle Siebel UI Framework up to 20.5. This affects an unknown part of the component EAI/SWSE. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2020-1938. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Agile PLM 9.3.3/9.3.5/9.3.6. It has been rated as very critical. Affected by this issue is some unknown functionality of the component Folders/Files / Attachments. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2020-1938. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.