Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks

A set of novel attack methods has been demonstrated against Google Workspace and the Google Cloud Platform that could be potentially leveraged by threat actors to conduct ransomware, data exfiltration, and password recovery attacks. "Starting from a single compromised machine, threat actors could progress in several ways: they could move to other cloned machines with GCPW installed, gain access

The Hacker News
Open in Source
#mac#windows#google#microsoft#git#oauth#auth#chrome#ssl#The Hacker News
A Spy Agency Leaked People's Data Online—Then the Data Was Stolen

The National Telecommunication Monitoring Center in Bangladesh exposed a database to the open web. The types of data leaked online are extensive.

CVE-2023-43757: 無線LANルーター・中継器のセキュリティ向上のための ファームウェアアップデート・対策実施のお願い | エレコム株式会社 ELECOM

Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under [References] section.

CVE-2023-47003: Query crashes in `DataBlock_ItemIsDeleted` · Issue #3063 · RedisGraph/RedisGraph

An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted.

CVE-2023-43275: dedecms/v5.7_110-CSRF.md at main · thedarknessdied/dedecms

Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of the token value of the submitted form.

CVE-2021-35437: Vulns/lmxcms injection.md at main · GHA193/Vulns

SQL injection vulnerability in LMXCMS v.1.4 allows attacker to execute arbitrary code via the TagsAction.class.

CVE-2023-47471: SEGV in libde265 in slice_segment_header::dump_slice_segment_header · Issue #426 · strukturag/libde265

Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a local attacker to cause a denial of service via the slice_segment_header function in the slice.cc component.

CVE-2023-47470: avcodec/evc_ps: Check ref_pic_num and sps_max_dec_pic_buffering_minus1 · FFmpeg/FFmpeg@4565747

Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c

GHSA-6944-6pmv-6mp2: free5gc Buffer Overflow vulnerability

Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP message with malformed PFCP Heartbeat message whose Recovery Time Stamp IE length is mutated to zero.