#vulnerability

Individual companies and entire industries alike must take responsibility for protecting customer data — and doing the right thing when they fail.

Protect traveler data with these tips: use VPNs, manage app permissions, and secure travel documents. Travel companies should…

A critical vulnerability in the Windows Kerberos authentication protocol poses a significant risk to millions of servers. Microsoft…

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC iQ-F Series Vulnerability: Improper Validation of Specified Type of Input 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition in Ethernet communication on the module. A system reset of the module is required for recovery. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports that the following versions of MELSEC iQ-F Series Ethernet module and EtherNet/IP module are affected: MELSEC iQ-F Series FX5-ENET: version 1.100 and later MELSEC iQ-F Series FX5-ENET/IP: version 1.100 to 1.104 3.2 Vulnerability Overview 3.2.1 Improper Validation of Specified Type of Input CWE-1287 A denial-of-service vulnerability due to improper validation of a specified type of input exists in MELSEC iQ-F Ethernet Module and EtherNet/IP Module. CVE-2024-8403 has ...

Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients accept configuration data for customizing behavior, and includes ConfigProvider plugins in order to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider implementations which include the ability to read from disk or environment variables. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use these ConfigProviders to read arbitrary contents of the disk and environment variables. In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment access, which may be undesirable in certain environments, including SaaS products. This issue affects Apache Kafka Clients: from 2.3.0 through 3.5.2, 3.6.2, 3.7.0. Users with affected applications are recommended ...

On November 13, NIST NVD finally admitted the obvious: they had failed to process the CVE analysis backlog before the end of the fiscal year (September 30). This is actually visible in their own statistics. At the moment, there are 19860 identifiers in the backlog. This week, 1136 new CVEs were received, and they analyzed […]

Our security teams work around the clock to help protect every person and organization on the planet from security threats. We also know that security is a team sport, and that’s why we also partner with the global security community through our bug bounty programs to proactively identify and mitigate potential issues before our customers are impacted.

Now-patched security flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come under active exploitation in the wild, it has emerged. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added CVE-2024-1212 (CVSS score: 10.0), a maximum-severity security vulnerability in Progress Kemp LoadMaster to its Known Exploited Vulnerabilities (KEV) catalog. It was

Experimental counter-offensive system responds to malicious AI probes with their own surreptitious prompt-injection commands.