Aggregator

A vulnerability was found in LogicalDOC Community and Enterprise and classified as critical. This issue affects some unknown processing of the component Document History. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2024-54446. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in LogicalDOC Community and Enterprise up to 9.0 and classified as critical. This vulnerability affects unknown code of the component Saved Search Handler. The manipulation leads to sql injection. This vulnerability was named CVE-2024-54447. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in LogicalDOC Community and Enterprise up to 9.0. This affects an unknown part of the component Login. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2024-54445. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in LogicalDOC Community and Enterprise up to 9.0. Affected by this issue is some unknown functionality of the component Automation Scripting. The manipulation leads to code injection. This vulnerability is handled as CVE-2024-54448. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in DavidOsipov PostQuantum-Feldman-VSS up to 0.7.6b0. Affected by this vulnerability is the function secure_redundant_execution of the file feldman_vss.py. The manipulation leads to use of a cryptographic primitive with a risky implementation. This vulnerability is known as CVE-2025-29779. It is possible to launch the attack on the physical device. There is no exploit available.

A vulnerability classified as critical has been found in LogicalDOC Community and Enterprise up to 9.0. Affected is an unknown function of the component API. The manipulation leads to relative path traversal. This vulnerability is traded as CVE-2024-54449. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in DavidOsipov PostQuantum-Feldman-VSS up to 0.7.6b0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to information exposure through discrepancy. The identification of this vulnerability is CVE-2025-29780. Attacking locally is a requirement. There is no exploit available.

Law enforcement discovered admin credentials on the suspect's computer for an online repository hosted on the Dark Web that stored source code for multiple versions of the LockBit builder.

A vulnerability, which was classified as problematic, was found in GPAC 0.7.1. This affects the function GetESD of the file isomedia/track.c. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2019-12481. An attack has to be approached locally. There is no exploit available.

A vulnerability has been found in GPAC 0.7.1 and classified as problematic. This vulnerability affects the function gf_isom_get_original_format_type of the file isomedia/drm_sample.c. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2019-12482. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in GPAC 0.7.1 and classified as critical. This issue affects the function ReadGF_IPMPX_RemoveToolNotificationListener of the file odf/ipmpx_code.c. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2019-12483. Attacking locally is a requirement. There is no exploit available.

A vulnerability was found in WP Font Awesome up to 1.7.8 on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2023-0271. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in AMD Ryzen 5000 Series Desktop Processor with Radeon Graphics, Ryzen 7000 Series Desktop Processor, Ryzen 4000 Series Mobile Processors with Radeon Graphics, Ryzen 5000 Series Mobile Processors with Radeon Graphics, Ryzen 4000 Series Desktop Processors with Radeon Graphics, Ryzen 6000 Series Processors with Radeon Graphics, Ryzen 7040 Series Mobile Processors with Radeon Graphics, Ryzen 5000 Series Processors with Radeon Graphics, Ryzen 7045 Series Mobile Processors, Ryzen 7020 Series Processors with Radeon Graphics, Ryzen Embedded V2000, Ryzen Embedded V3000, Ryzen 7035 Series Mobile Processors with Radeon Graphics and Ryzen 3000 Series Processors with Radeon Graphics. Affected is an unknown function of the component SPI Protection. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2023-20579. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability was found in Google Android 13. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Device Policy Handler. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-0029. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Linux Kernel up to 5.10.34/5.11.18/5.12.1. It has been rated as critical. This issue affects the function ul_callback of the component qrtr. The manipulation leads to use after free. The identification of this vulnerability is CVE-2021-46973. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

The Internet of Things (IoT), also referred to as Cyber-Physical Systems (CPS) has exploded across all types of enterprises, promising greater efficiency, automation, and data-driven insights.  From smart sensors monitoring factory floors to AI-powered cameras securing premises, these devices are transforming how businesses operate. However, this surge in connectivity, coupled with the increasing power of […]

The post The Silent Infiltration:  How Powerful CPS Devices Are Amplifying Cyber Risks for Businesses appeared first on Viakoo, Inc.

The post The Silent Infiltration:  How Powerful CPS Devices Are Amplifying Cyber Risks for Businesses appeared first on Security Boulevard.

Author/Presenter: Chris Morgan

Our thanks to Bsides Exeter, and the Presenters/Authors for publishing their timely Bsides Exeter Conference content. All brought to you via the organizations YouTube channel.

Permalink

The post BSides Exeter 2024 – Blue Track – DFIR – Tracking TTP Changes Of SocGhoulish appeared first on Security Boulevard.

Microsoft says it partially mitigated a week-long Exchange Online outage causing delays or failures when sending or receiving email messages. [...]

Открытие, которое может изменить всю теорию гармонического анализа.

Government cybersecurity and information security frameworks are a constant work in progress. Many different frameworks draw their requirements from the National Institute of Standards and Technology, and one of the most important documents for cybersecurity is NIST Special Publication 800-171: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. One of the key pillars of […]

The post NIST SP 800-171 Rev 2 vs Rev 3: What’s The Difference? appeared first on Security Boulevard.