information disclosure – Page 3 – Experimental News Clipping Site

Alerts: Supply Chain Compromise of Third-Party GitHub Action, CVE-2025-30066

Mar 18, 2025

—

by

Source URL: https://www.cisa.gov/news-events/alerts/2025/03/18/supply-chain-compromise-third-party-github-action-cve-2025-30066 Source: Alerts Title: Supply Chain Compromise of Third-Party GitHub Action, CVE-2025-30066 Feedly Summary: A popular third-party GitHub Action, tj-actions/changed-files (tracked as CVE-2025-30066), was compromised. This GitHub Action is designed to detect which files have changed in a pull request or commit. The supply chain compromise allows for information disclosure of secrets including,…

Bulletins: Vulnerability Summary for the Week of March 10, 2025

Mar 17, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-076 Source: Bulletins Title: Vulnerability Summary for the Week of March 10, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1E–1E Client Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged…

Alerts: CISA Adds Six Known Exploited Vulnerabilities to Catalog

Mar 12, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/alerts/2025/03/11/cisa-adds-six-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Six Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-24983 Microsoft Windows Win32k Use-After-Free Vulnerability CVE-2025-24984 Microsoft Windows NTFS Information Disclosure Vulnerability CVE-2025-24985 Microsoft Windows Fast FAT File System Driver Integer…

Cisco Talos Blog: Microsoft Patch Tuesday for March 2025 — Snort rules and prominent vulnerabilities

Mar 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.talosintelligence.com/march-patch-tuesday-release/ Source: Cisco Talos Blog Title: Microsoft Patch Tuesday for March 2025 — Snort rules and prominent vulnerabilities Feedly Summary: Microsoft has released its monthly security update for March of 2025 which includes 57 vulnerabilities affecting a range of products, including 6 that Microsoft marked as “critical”. AI Summary and Description: Yes Summary:…

The Register: VMware patches guest-to-hypervisor escape flaws already under attack

Mar 4, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/03/04/vmware_plugs_three_hypervisorhijack_holes/ Source: The Register Title: VMware patches guest-to-hypervisor escape flaws already under attack Feedly Summary: The heap overflow in the memory unsafe code by Miss Creant Broadcom today pushed out patches for three VMware hypervisor-hijacking bugs, including one rated critical, that have already been found and exploited by criminals.… AI Summary and Description:…

Alerts: CISA Adds Four Known Exploited Vulnerabilities to Catalog

Mar 4, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/alerts/2025/03/04/cisa-adds-four-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Four Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-50302 Linux Kernel Use of Uninitialized Resource Vulnerability CVE-2025-22225 VMware ESXi Arbitrary Write Vulnerability CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability CVE-2025-22226 VMware ESXi,…

Bulletins: Vulnerability Summary for the Week of February 17, 2025

Feb 24, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-055 Source: Bulletins Title: Vulnerability Summary for the Week of February 17, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info a1post–A1POST.BG Shipping for Woo Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Shipping for Woo allows Privilege Escalation. This issue affects A1POST.BG Shipping for Woo: from n/a…

Unit 42: Multiple Vulnerabilities Discovered in NVIDIA CUDA Toolkit

Feb 19, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/nvidia-cuda-toolkit-vulnerabilities/ Source: Unit 42 Title: Multiple Vulnerabilities Discovered in NVIDIA CUDA Toolkit Feedly Summary: Unit 42 researchers detail nine vulnerabilities discovered in NVIDIA’s CUDA-based toolkit. The affected utilities help analyze cubin (binary) files. The post Multiple Vulnerabilities Discovered in NVIDIA CUDA Toolkit appeared first on Unit 42. AI Summary and Description: Yes **Summary:**…

Cisco Talos Blog: ClearML and Nvidia vulns

Feb 14, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.talosintelligence.com/clearml-and-nvidia-vulns/ Source: Cisco Talos Blog Title: ClearML and Nvidia vulns Feedly Summary: Cisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities in ClearML and four vulnerabilities in Nvidia. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy. For Snort…

Bulletins: Vulnerability Summary for the Week of February 3, 2025

Feb 10, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-041 Source: Bulletins Title: Vulnerability Summary for the Week of February 3, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info .TUBE gTLD–.TUBE Video Curator Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in .TUBE gTLD .TUBE Video Curator allows Reflected XSS. This issue affects…

Tag: information disclosure