A vulnerability has been found in Shopify tophat up to 1.9.x and classified as critical. Affected by this vulnerability is an unknown functionality of the file ~/.tophatrc. The manipulation of the argument TOPHAT_APP_TOKEN leads to improper access controls.
This vulnerability is known as CVE-2024-45036. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability, which was classified as problematic, was found in jpillora chisel up to 1.9.x. Affected is an unknown function of the component Environment Variable Handler. The manipulation of the argument AUTH leads to inconsistency between implementation and documented design.
This vulnerability is traded as CVE-2024-43798. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Mat Powell of Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2024-08-27, 21 days ago. The vendor is given until 2024-12-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Mat Powell of Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2024-08-27, 30 days ago. The vendor is given until 2024-12-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N severity vulnerability discovered by 'Abdessamad Lahlali and Smile Thanapattheerakul of Trend Micro' was reported to the affected vendor on: 2024-08-27, 30 days ago. The vendor is given until 2024-12-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Bobby Gould of Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2024-08-27, 49 days ago. The vendor is given until 2024-12-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Guillaume Orlando' was reported to the affected vendor on: 2024-08-27, 66 days ago. The vendor is given until 2024-12-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2024-08-27, 66 days ago. The vendor is given until 2024-12-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
Google has revealed that a security flaw that was patched as part of a software update rolled out last week to its Chrome browser has come under active exploitation in the wild.
Tracked as CVE-2024-7965, the vulnerability has been described as an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine.
"Inappropriate implementation in V8 in Google Chrome prior to