Tag: arbitrary code execution
-
Bulletins: Vulnerability Summary for the Week of February 3, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-041 Source: Bulletins Title: Vulnerability Summary for the Week of February 3, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info .TUBE gTLD–.TUBE Video Curator Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in .TUBE gTLD .TUBE Video Curator allows Reflected XSS. This issue affects…
-
Hacker News: Library Sandboxing for Verona
Source URL: https://github.com/microsoft/verona-sandbox Source: Hacker News Title: Library Sandboxing for Verona Feedly Summary: Comments AI Summary and Description: Yes Summary: The text describes a process-based sandboxing mechanism designed for the Verona programming language, emphasizing security features that aim to maintain safe execution of untrusted libraries. This innovative approach to sandboxing can significantly enhance security in…
-
Hacker News: Google Fixes Android Kernel Zero-Day Exploited in Attacks
Source URL: https://thedefendopsdiaries.com/google-fixes-android-kernel-zero-day-exploited-in-attacks/ Source: Hacker News Title: Google Fixes Android Kernel Zero-Day Exploited in Attacks Feedly Summary: Comments AI Summary and Description: Yes Summary: CVE-2024-53104 has emerged as a significant zero-day vulnerability within the Linux kernel, particularly impacting the USB Video Class driver, and presents severe risks to Android devices. The exploration of this flaw…
-
Cloud Blog: CVE-2023-6080: A Case Study on Third-Party Installer Abuse
Source URL: https://cloud.google.com/blog/topics/threat-intelligence/cve-2023-6080-third-party-installer-abuse/ Source: Cloud Blog Title: CVE-2023-6080: A Case Study on Third-Party Installer Abuse Feedly Summary: Written By: Jacob Paullus, Daniel McNamara, Jake Rawlins, Steven Karschnia Executive Summary Mandiant exploited flaws in the Microsoft Software Installer (MSI) repair action of Lakeside Software’s SysTrack installer to obtain arbitrary code execution. An attacker with low-privilege access…
-
Bulletins: Vulnerability Summary for the Week of January 27, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-034 Source: Bulletins Title: Vulnerability Summary for the Week of January 27, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 0xPolygonZero–plonky2 Plonky2 is a SNARK implementation based on techniques from PLONK and FRI. Lookup tables, whose length is not divisible by 26 = floor(num_routed_wires / 3) always…
-
Cisco Talos Blog: Whatsup Gold, Observium and Offis vulnerabilities
Source URL: https://blog.talosintelligence.com/whatsup-gold-observium-offis-vulnerabilities/ Source: Cisco Talos Blog Title: Whatsup Gold, Observium and Offis vulnerabilities Feedly Summary: Cisco Talos’ Vulnerability Research team recently disclosed three vulnerabilities in Observium, three vulnerabilities in Offis, and four vulnerabilities in Whatsup Gold. These vulnerabilities exist in Observium, a network observation and monitoring system; Offis DCMTK, a collection of libraries and applications…
-
Bulletins: Vulnerability Summary for the Week of December 16, 2024
Source URL: https://www.cisa.gov/news-events/bulletins/sb24-358 Source: Bulletins Title: Vulnerability Summary for the Week of December 16, 2024 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000 Projects–Attendance Tracking Management System A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. Affected by this vulnerability is…
-
Bulletins: Vulnerability Summary for the Week of January 20, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-026 Source: Bulletins Title: Vulnerability Summary for the Week of January 20, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info aEnrich Technology–a+HRD The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database…
-
Bulletins: Vulnerability Summary for the Week of December 2, 2024
Source URL: https://www.cisa.gov/news-events/bulletins/sb24-344 Source: Bulletins Title: Vulnerability Summary for the Week of December 2, 2024 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description8 Published CVSS Score Source Info SailPoint Technologies–IdentityIQ IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2…
-
The Register: Oracle emits 603 patches, names one it wants you to worry about soon
Source URL: https://www.theregister.com/2025/01/23/oracle_patch_linux/ Source: The Register Title: Oracle emits 603 patches, names one it wants you to worry about soon Feedly Summary: Old flaws that keep causing trouble haunt Big Red Oracle has delivered its regular quarterly collection of patches: 603 in total, 318 for its own products, and another 285 for Linux code it…