Aggregator

A vulnerability classified as critical was found in Oracle Java SE and GraalVM Enterprise Edition. This vulnerability affects unknown code of the component JavaFX WebKitGTK. The manipulation leads to improper check for unusual conditions. This vulnerability was named CVE-2023-41993. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Redmond reboot redux: “Something has gone seriously wrong.” You can say that again, Microsoft.

The post Patch Tuesday not Done ’til LINUX Won’t Run? appeared first on Security Boulevard.

Australia’s data protection watchdog has decided to stop its investigation into US facial recognition company Clearview AI

Submit #395541 / VDB-275428

A vulnerability classified as critical has been found in LiteSpeed Cache Plugin up to 6.3.0.1 on WordPress. This affects an unknown part. The manipulation leads to incorrect privilege assignment. This vulnerability is uniquely identified as CVE-2024-28000. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in OpenText Privileged Access Manager up to 3.7.0.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component PAM Server. The manipulation leads to os command injection. This vulnerability is handled as CVE-2020-11847. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OpenText Self Service Password Reset up to 4.4.0.5/4.5.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2020-11850. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OpenText Privileged Access Manager up to 3.7.0.0. It has been classified as critical. Affected is an unknown function of the component Token Handler. The manipulation leads to improper privilege management. This vulnerability is traded as CVE-2020-11846. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A critical vulnerability affecting multiple versions of GitHub Enterprise Server could be exploited to bypass authentication and enable an attacker to gain administrator privileges on the machine. [...]

E-cology10远程代码执行漏洞

It might still sound far-fetched to say AI can develop critical thinking skills and help us make decisions in the cybersecurity industry. But we're not far off.

Oregon Zoo revealed that an unauthorized actor potentially obtained payment card information used in transactions over six months

Вебинар Positive Technologies состоится 22 августа в 14:00 (мск).

全国20+省市的共同选择！

ISC带队！数十家网安中坚力量共绘上海安全大脑建设蓝图

陷进去可以，别“陷”进去

看上去是一篇论文推荐，实质上是环法自行车观赛指南（以及流量密码）

自称 ZeroSevenGroup 的组织在黑客论坛声称入侵了丰田在美国的一家子公司，它免费分享了其窃取的 240 GB 数据，内容包括联系人、财务、客户、计划、员工、照片、数据库、网络基础设施、电子邮件等。该组织称使用开源工具 ADRecon 提取了包括凭证在内的网络基础设施信息。丰田随后证实其网络遭黑客入侵，但没有披露入侵是何时发生以及如何发生的细节。

By Opal WrightAmong the cryptographic missteps we see at Trail of Bits, “let’s b