Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

Printing Business Records Management System 1.0 Cross Site Request Forgery

Printing Business Records Management System version 1.0 suffers from a cross site request forgery vulnerability.

Packet Storm
Open in Source
#csrf#vulnerability#windows#google#php#auth#firefox
Online Eyewear Shop 1.0 Cross Site Request Forgery

Online Eyewear Shop version 1.0 suffers from a cross site request forgery vulnerability.

Manufacturers Rank as Ransomware's Biggest Target

Improvements in cybersecurity and basics like patching aren't keeping pace with the manufacturing sector's rapid growth.

Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities

A little over a dozen new security vulnerabilities have been discovered in residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices. "These vulnerabilities could enable attackers to take control of a router by injecting malicious code, allowing them to persist on the device and use it as a gateway into enterprise networks," Forescout

GHSA-phh4-3hmm-24rx: Duplicate Advisory: Juju makes Use of Weak Credentials

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mh98-763h-m9v4. This link is maintained to preserve external references. ## Original Description JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm.

GHSA-fc27-7pf5-96v3: Duplicate Advisory: Vulnerable juju hook tool abstract UNIX domain socket

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8v4w-f4r9-7h6x. This link is maintained to preserve external references. ## Original Description Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm.

GHSA-85qf-6845-m8p2: Duplicate Advisory: Juju Unprotected Alternate Channel vulnerability

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xwgj-vpm9-q2rq. This link is maintained to preserve external references. ## Original Description Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.

Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit

Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting. Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external entity reference (XXE) vulnerability that could result in remote code execution. The shortcoming,

Russian Cyber Offensive Shifts Focus to Ukraine’s Military Infrastructure

SSSCIP reports a strategic shift in Russian cyber operations in H1 2024. Targeting Ukraine’s defence sectors, attacks doubled,…

GHSA-r2jw-c95q-rj29: cocoon Reuses a Nonce, Key Pair in Encryption

Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object. **Note:** The issue does NOT affect objects created with Cocoon::new which utilizes ThreadRng.