Security
Headlines
HeadlinesLatestCVEs

Tag

#acer

The FDA's Medical Device Cybersecurity Overhaul Has Real Teeth, Experts Say

The physical and cyber safety issues surrounding medical devices like IV pumps is finally being meaningfully addressed by a new policy taking effect this week.

DARKReading
Open in Source
#vulnerability#mac#acer#auth
CVE-2022-37012

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server 1.7.6-537. Authentication is not required to exploit this vulnerability. The specific flaw exists within the OpcUa_SecureListener_ProcessSessionCallRequest method. A crafted OPC UA message can force the server to incorrectly update a reference count. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-16927.

CVE-2023-27246: 2023-05-25-ziroudei/README.md at main · intruderlabs/2023-05-25-ziroudei

An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted .htaccess file.

North Korea Is Now Mining Crypto to Launder Its Stolen Loot

A spy group working for the Kim regime has been feeding stolen coins into crypto mining services in an effort to throw tracers off their trail.

Latitude Financial Data Breach: 14 Million Customers Affected

By Waqas The CEO of Latitude Financial, Ahmed Fahour, has expressed disappointment in the incident and apologized unreservedly to customers. This is a post from HackRead.com Read the original post: Latitude Financial Data Breach: 14 Million Customers Affected

Online Graduate Tracer System 1.0 SQL Injection

Online Graduate Tracer System version 1.0 suffers from a remote SQL injection vulnerability.

CVE-2023-1252: [PATCH 5.15 138/917] ovl: fix use after free in struct ovl_aio_req

A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 ("ovl: fix use after free in struct ovl_aio_req") not applied yet, the kernel could be affected.

CVE-2022-48424

In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur.

CVE-2023-1394

A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been classified as critical. This affects the function mysqli_query of the file bsitemp.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222981 was assigned to this vulnerability.

CVE-2023-25148: ZDI-23-173

A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.