Aggregator

CVE-2024-26618 | Linux Kernel up to 6.6.14/6.7.2 sme sme_alloc allocation of resources (569156e4fa34/814af6b4e600/dc7eb8755797 / Nessus ID 210815)

5 months 2 weeks ago

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.6.14/6.7.2. This affects the function sme_alloc of the component sme. The manipulation leads to allocation of resources. This vulnerability is uniquely identified as CVE-2024-26618. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-26612 | Linux Kernel up to 6.1.75/6.6.14/6.7.2/6.8-rc1 fscache fscache_put_cache null pointer dereference (Nessus ID 210815)

Vuldb Updates

5 months 2 weeks ago

A vulnerability has been found in Linux Kernel up to 6.1.75/6.6.14/6.7.2/6.8-rc1 and classified as critical. Affected by this vulnerability is the function fscache_put_cache of the component fscache. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-26612. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2023-52595 | Linux Kernel up to 6.7.3 rt2x00 ieee80211_restart_hw deadlock (Nessus ID 210815)

Vuldb Updates

5 months 2 weeks ago

A vulnerability classified as problematic was found in Linux Kernel up to 6.7.3. This vulnerability affects the function ieee80211_restart_hw of the component rt2x00. The manipulation leads to deadlock. This vulnerability was named CVE-2023-52595. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2023-52594 | Linux Kernel up to 6.7.3 ath9k htc_drv_txrx.c ath9k_htc_txstatus out-of-bounds (Nessus ID 210815)

Vuldb Updates

5 months 2 weeks ago

A vulnerability was found in Linux Kernel up to 6.7.3. It has been declared as problematic. Affected by this vulnerability is the function ath9k_htc_txstatus of the file htc_drv_txrx.c of the component ath9k. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2023-52594. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2023-52606 | Linux Kernel up to 6.7.3 powerpc analyse_instr stack-based overflow (Nessus ID 210815)

Vuldb Updates

5 months 2 weeks ago

A vulnerability was found in Linux Kernel up to 6.7.3. It has been classified as critical. This affects the function analyse_instr of the component powerpc. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2023-52606. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2023-52585 | Linux Kernel up to 6.7.3 amdgpu amdgpu_ras_query_error_status_helper null pointer dereference (195a6289282e/b8d55a90fd55 / Nessus ID 210815)

Vuldb Updates

5 months 2 weeks ago

A vulnerability classified as critical has been found in Linux Kernel up to 6.7.3. Affected is the function amdgpu_ras_query_error_status_helper of the component amdgpu. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2023-52585. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2021-47098 | Linux Kernel up to 5.15.11 hwmon clamp_val integer underflow (d105f30bea91/55840b9eae53 / Nessus ID 210815)

Vuldb Updates

5 months 2 weeks ago

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.15.11. Affected is the function clamp_val of the component hwmon. The manipulation leads to integer underflow. This vulnerability is traded as CVE-2021-47098. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

Syteca Account Discovery strengthens privileged access management

Help Net Security

5 months 2 weeks ago

Syteca launched Account Discovery, a new feature within its Privileged Access Management (PAM) solution. This enhancement enables organizations to automatically detect and manage privileged accounts across their IT infrastructure, significantly reducing security risks associated with unmanaged access credentials. The new Account Discovery feature addresses the critical challenge of “ghost accounts” – privileged credentials that remain active after employee departures, contractor project completions, or system upgrades. These overlooked accounts often create security vulnerabilities that can be … More →

The post Syteca Account Discovery strengthens privileged access management appeared first on Help Net Security.

Industry News

ESET Research Podcast: Gamaredon

WeLiveSecurity

5 months 2 weeks ago

ESET researchers introduce the Gamaredon APT group, detailing its typical modus operandi, unique victim profile, vast collection of tools and social engineering tactics, and even its estimated geolocation

Inside the DemandScience by Pure Incubation Data Breach

Troy Hunt

5 months 2 weeks ago

Apparently, before a child reaches the age of 13, advertisers will have gathered more 72 million data points on them. I knew I'd seen a metric about this sometime recently, so I went looking for "7,000", which perfectly illustrates how unaware we are of the

Troy Hunt

网络攻击致使英国司法部囚车追踪报警系统瘫痪

互联网安全内参

5 months 2 weeks ago

第三方供应商遭受网络攻击可能带来的风险

多国警告：零日漏洞攻击暴涨已成为网空新常态

互联网安全内参

5 months 2 weeks ago

这与前几年的态势已经完全不同

额外一年的教育对大脑结构变化没有产生长期影响

Solidot

5 months 2 weeks ago

英国提高离校年龄（ROSLA）改革要求 1957 年 9 月 1 日以后出生的孩子在学校待到 16 岁而不是 15 岁，从而创造了一个明显的年龄界限。研究人员利用来自英国生物银行、涉及 3 万多名参与者的广泛神经成像数据，评估了这种强制性的额外一年教育是否会导致大脑结构的持久变化。结果没有观察到统计学上显著的脑结构差异。研究没有发现额外一年的教育对神经系统有全局性或区域性的影响。这项发现表明，旨在改善认知结果的政策不应仅仅是增加教育时间，而应解决影响大脑和认知健康的更广泛因素。

Ivanti Warns of Critical Vulnerabilities in Connect Secure, Policy Secure & Secure Access

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

5 months 2 weeks ago

Ivanti, the well-known provider of IT asset and service management solutions, has issued critical security updates for its products Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC). These updates address multiple vulnerabilities, including medium, high, and critical severity issues, which, if exploited, could lead to denial of service (DoS), privilege escalation, and […]

The post Ivanti Warns of Critical Vulnerabilities in Connect Secure, Policy Secure & Secure Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

11月19日，我们乌镇见！

默安科技

5 months 2 weeks ago

新品发布，敬请期待~

CVE-2024-8001 | VIWIS LMS 9.11 Print authorization

VulDB Recent Entries

5 months 2 weeks ago

A vulnerability was found in VIWIS LMS 9.11. It has been classified as critical. Affected is an unknown function of the component Print Handler. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2024-8001. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

vuldb.com