Aggregator

CVE-2024-44204 is one of two new Apple iOS security vulnerabilities that showcase an unexpected coming together of privacy snafus and accessibility features.

A vulnerability, which was classified as critical, has been found in Strapi 4.24.4. This issue affects some unknown processing of the file /strapi.io/_next/image of the component GET Request Handler. The manipulation leads to server-side request forgery. The identification of this vulnerability is CVE-2024-37818. The attack can only be done within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Hughes Network Systems WL3000 Fusion Software. Affected by this issue is some unknown functionality. The manipulation leads to insufficiently protected credentials. This vulnerability is handled as CVE-2024-39278. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in goTenna Pro Series up to 1.6.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Message Handler. The manipulation leads to improper restriction of communication channel to intended endpoints. This vulnerability is known as CVE-2024-47125. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in goTenna Pro Series up to 1.6.1. It has been declared as problematic. This vulnerability affects unknown code of the component Broadcast Key Name Handler. The manipulation leads to insertion of sensitive information into sent data. This vulnerability was named CVE-2024-47128. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in goTenna Pro Series up to 1.6.1. It has been rated as problematic. This issue affects some unknown processing of the component Length Handler. The manipulation leads to observable response discrepancy. The identification of this vulnerability is CVE-2024-47129. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in goTenna Pro Series up to 1.6.1. Affected is an unknown function of the component Local Public Key Handler. The manipulation leads to missing authentication. This vulnerability is traded as CVE-2024-47130. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.10.4. Affected is an unknown function of the component btrfs. The manipulation leads to allocation of resources. This vulnerability is traded as CVE-2024-44963. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A growing number of organizations are taking longer to get back on their feet after an attack, and they're paying high price tags to do so — up to $2M or more.

A vulnerability, which was classified as very critical, has been found in Adobe Flash Player. This issue affects some unknown processing. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2016-4244. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in magzter Sunday Indian Oriya 3.0.1 and classified as critical. Affected by this issue is some unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is handled as CVE-2014-7388. The attack can only be initiated within the local network. There is no exploit available.

The successful disruption of notorious Russian hacker group Star Blizzard's operations arrives one month out from the US presidential election — one of the APT's prime targets.

Het militaire toestel dat vandaag in Libanon Nederlanders heeft opgehaald, is vanavond geland op Vliegbasis Eindhoven. De Airbus A330 kwam iets voor 21.00 uur aan.

Authors/Presenters:Vibhaalakshmi Sivaraman, Pantea Karimi, Vedantha Venkatapathy, Mehrdad Khani, Sadjad Fouladi, Mohammad Alizadeh, Frédo Durand, Vivienne Sze

Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organizations enduring commitment to Open Access front and center. Originating from the conference’s events situated at the Hyatt Regency Santa Clara; and via the organizations YouTube channel.

Permalink

The post USENIX NSDI ’24 – Gemino: Practical and Robust Neural Compression for Video Conferencing appeared first on Security Boulevard.

“If you cannot count it, you cannot manage it.” – Every CISO and CIO ever Asset deduplication is a crucial challenge in exposure management (and CAASM). In today’s complex IT environments, effective management of vulnerabilities and other findings relies on accurate asset inventories to understand and mitigate potential risks. Assets from different data sources must …

Read More

The post Why is asset deduplication a hard problem? appeared first on Security Boulevard.

​Russian law enforcement detained almost 100 suspects linked to the Cryptex cryptocurrency exchange, the UAPS anonymous payment service, and 33 other online services and platforms used to make illegal payments and sell stolen credentials. [...]

A vulnerability, which was classified as critical, was found in itsourcecode Sports Management System 1.0. Affected is the function delete_category of the file sports_scheduling/player.php. The manipulation of the argument id leads to sql injection. This vulnerability is traded as CVE-2024-46078. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in itsourcecode Online Tours and Travels Management System 1.0. This issue affects some unknown processing of the file travellers.php. The manipulation of the argument val-username/val-email/val-suggestions/val-digits/state_name leads to cross site scripting. The identification of this vulnerability is CVE-2024-46077. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in Esri Portal for ArcGIS up to 10.8.1/10.9.1/11.1/11.2. This vulnerability affects unknown code of the component File Handler. The manipulation leads to file inclusion. This vulnerability was named CVE-2024-38040. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in OpenStack Ironic up to 21.4.3/23.0.2/24.1.2/26.0.x. This affects the function image_source of the component URL Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-47211. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.