Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

CVE-2022-43183: xxl-job =< 2.3.1 version (latest version) has SSRF vulnerability, which causes low-privileged users to control executor to execute arbitrary commands · Issue #3002 · xuxueli/xxl-job

XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java.

CVE
Open in Source
#vulnerability#web#mac#apple#google#js#java#intel#ssrf#chrome#webkit
Threat Source newsletter (Nov. 17, 2022): Hot off the press! The Snort 2023 Calendar is here

The Snort 2023 calendar is finally here, and y’all, it’s a good one. Packed full of classic memes and punny Snorties, the calendar is sure to delight all year long.

CVE-2022-44384: Offensive Security’s Exploit Database Archive

An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file.

We Need Smarter Smart Contracts To Prevent DeFi Hacks

By Waqas The smart contracts that govern DeFi are littered with exploitable code, and hackers understand that since hundreds of millions of crypto funds have been siphoned off due to this very issue. This is a post from HackRead.com Read the original post: We Need Smarter Smart Contracts To Prevent DeFi Hacks

Ubuntu Security Notice USN-5728-1

Ubuntu Security Notice 5728-1 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the memory address space accounting implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

China-Based Billbug APT Infiltrates Certificate Authority

Access to digital certificates would allow the Chinese-speaking espionage group to sign its custom malware and skate by security scanners.

MITRE Engenuity Launches Evaluations for Security Service Providers

The results are labor-intensive to parse, so knowing how to interpret them is key, security experts say.

Are We Ready for AI-Generated Code?

Autocompleted code is convenient and quick, but it may expose your organization to security and compliance risks.

New RapperBot malware targets gaming servers with DDoS attacks

By Deeba Ahmed RapperBot malware is known for brute-forcing SSH servers that can accept password authentication. This is a post from HackRead.com Read the original post: New RapperBot malware targets gaming servers with DDoS attacks

Announcing the Microsoft Machine Learning Membership Inference Competition (MICO)

We’re excited to announce the launch of a new competition focusing on the security and privacy of machine learning (ML) systems. Machine learning has already become a key enabler in many products and services, and this trend is likely to continue. It is therefore critical to understand the security and privacy guarantees provided by state-of-the-art … Announcing the Microsoft Machine Learning Membership Inference Competition (MICO) Read More »