Aggregator

A vulnerability classified as problematic has been found in kokoroe_members card 13.6.1. This affects an unknown part of the component Message Handler. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2023-39045. The attack needs to be initiated within the local network. There is no exploit available.

Google has revealed that its transition to memory-safe languages such as Rust as part of its secure-by-design approach has led to the percentage of memory-safe vulnerabilities discovered in Android dropping from 76% to 24% over a period of six years. The tech giant said focusing on Safe Coding for new features not only reduces the overall security risk of a codebase, but also makes the switch

The percentage of Android vulnerabilities caused by memory safety issues has dropped from 76% in 2019 to only 24% in 2024, representing a massive decrease of over 68% in five years. [...]

While these threats remain a valid concern, US government agencies have doubled down on their assurances to the American public that election infrastructure is secure.

Безопасность приложений выходит на новый уровень.

A vulnerability classified as problematic has been found in Cisco IOS XE on Catalyst 9000. Affected is an unknown function. The manipulation leads to integer overflow. This vulnerability is traded as CVE-2024-20434. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco IOS and IOS XE. It has been rated as problematic. This issue affects some unknown processing of the component Web UI. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-20414. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco IOS XE. It has been declared as problematic. This vulnerability affects unknown code of the component Web UI. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-20437. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco IOS 15.2(8)E2/15.2(8)E3/15.2(8)E4/15.2(8)E5. It has been classified as critical. This affects an unknown part of the component Access Control List Handler. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2024-20465. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco IOS XE 17.11.99SW/17.12.1/17.12.1a and classified as critical. Affected by this issue is some unknown functionality of the component IPv4 Fragmentation Handler. The manipulation leads to improper resource management. This vulnerability is handled as CVE-2024-20467. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Cisco IOS XE and classified as critical. Affected by this vulnerability is an unknown functionality of the component HTTP Server Telephony Service. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-20436. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Cisco IOS XE. Affected is an unknown function of the component SD-Access Fabric Edge Node Handler. The manipulation leads to operator precedence logic error. This vulnerability is traded as CVE-2024-20480. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Cisco IOS XE 17.13.1/17.13.1a. This issue affects some unknown processing of the component Protocol Independent Multicast Handler. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2024-20464. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Cisco IOS and IOS XE. This vulnerability affects unknown code of the component Resource Reservation Protocol. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2024-20433. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Cisco IOS XE. This affects an unknown part of the component ACL. The manipulation leads to incorrect authorization. This vulnerability is uniquely identified as CVE-2024-20510. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

The advanced Python-based PysSilon malware can steal data, record keystrokes, and execute remote commands. The attackers behind it are promising to leak details of deleted X posts related to accused rapper and music producer Sean Combs.

A vulnerability was found in Cisco Catalyst SD-WAN Manager. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web-based Management Interface. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-20475. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco SD-WAN vEdge Cloud and SD-WAN vEdge Router. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component UDP Packet Handler. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2024-20496. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco Digital Network Architecture Center. It has been classified as critical. Affected is an unknown function of the component SSH Host Key Handler. The manipulation leads to use of hard-coded cryptographic key . This vulnerability is traded as CVE-2024-20350. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco UTD SNORT IPS Engine Software and classified as critical. This issue affects some unknown processing of the component HTTP Handler. The manipulation leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2024-20508. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.