Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Researchers Discover Critical Remote Code Execution Flaw in vm2 Sandbox Library

The maintainers of the vm2 JavaScript sandbox module have shipped a patch to address a critical flaw that could be abused to break out of security boundaries and execute arbitrary shellcode. The flaw, which affects all versions, including and prior to 3.9.14, was reported by researchers from South Korea-based KAIST WSP Lab on April 6, 2023, prompting vm2 to release a fix with version 3.9.15 on

The Hacker News
Open in Source
#vulnerability#web#mac#nodejs#js#java#rce#perl#The Hacker News
Microsoft and Fortra to Take Down Malicious Cobalt Strike Infrastructure

By Deeba Ahmed Cobalt Strike is a legitimate post-exploitation tool designed by Raphael Mudge of Fortra for adversary simulation but it has also been abused by cybercriminals. This is a post from HackRead.com Read the original post: Microsoft and Fortra to Take Down Malicious Cobalt Strike Infrastructure

Threat Roundup for March 31 to April 7

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 31 and April 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

CVE-2023-23762: Release notes - GitHub Enterprise Server 3.7 Docs

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it’s created by the code maintainer. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program.

Close the Permissions Gap With Identity and Access Management for Multicloud Workforces

Consolidating identity management on one platform gives organizations real-time access management for all identities on hybrid and multicloud installations. (First of a two-part series.)

CVE-2023-27808: H3C Magic R100 was discovered stack overflow via the DeltriggerList interface at /goform/aspForm - HackMD

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.

CVE-2023-27810: H3C Magic R100 was discovered stack overflow via the ipqos_lanip_editlist interface at /goform/aspForm - HackMD

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_editlist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.

CVE-2023-27807: H3C Magic R100 was discovered stack overflow via the Delstlist interface at /goform/aspForm - HackMD

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the Delstlist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.

CVE-2023-27806: H3C Magic R100 was discovered stack overflow via the ipqos_lanip_dellist interface at /goform/aspForm - HackMD

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_dellist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.

CVE-2023-27805: H3C Magic R100 was discovered stack overflow via the EditSTList interface at /goform/aspForm - HackMD

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditSTList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.