Security
Headlines
HeadlinesLatestCVEs

Tag

#acer

Ubuntu Security Notice USN-5882-1

Ubuntu Security Notice 5882-1 - Gjoko Krstic discovered that DCMTK incorrectly handled buffers. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. Omar Ganiev discovered that DCMTK incorrectly handled buffers. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Packet Storm
Open in Source
#vulnerability#ubuntu#dos#acer
CVE-2021-32847: GHSL-2021-058: Disclosure of the host memory into the virtualized guest in hyperkit - CVE-2021-32847

HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior, a malicious guest can trigger a vulnerability in the host by abusing the disk driver that may lead to the disclosure of the host memory into the virtualized guest. This issue is fixed in commit cf60095a4d8c3cb2e182a14415467afd356e982f.

Is OWASP at Risk of Irrelevance?

A growing group of OWASP members and board leaders are calling for the AppSec group to make big changes to stay apace with modern development.

CVE-2022-40080: Acerin kannettavat, pöytäkoneet, Chromebookit, monitorit ja projektorit | Acer Suomi

Stack overflow vulnerability in Aspire E5-475G 's BIOS firmware, in the FpGui module, a second call to GetVariable services allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges.

3 Ways CISOs Can Lead Effectively and Avoid Burnout

Information security is a high-stakes field with sky-high expectations. Here's how CISOs can offset the pressures and stay healthy.

WordPress Quiz And Survey Master 8.0.8 Cross Site Request Forgery

WordPress Quiz and Survey Master plugin versions 8.0.8 and below suffer from a cross site request forgery vulnerability.

WordPress Quiz And Survey Master 8.0.8 Media Deletion

WordPress Quiz and Survey Master plugin versions 8.0.8 and below suffer from a missing authentication vulnerability that allows an attacker to delete media from the WordPress instance.

CVE-2023-22943: Modular Input REST API Requests Connect via HTTP after Certificate Validation Failure in Splunk Add-on Builder and Splunk CloudConnect SDK

In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs. The vulnerability affects AoB and apps that AoB generates when using the REST API Modular Input functionality through its user interface. The vulnerability also potentially affects third-party apps and add-ons that call the *cloudconnectlib.splunktacollectorlib.cloud_connect_mod_input* Python class directly.

The Chinese Spy Balloon Shows the Downsides of Spy Balloons

A popular military tool during the Cold War, spy balloons have since fallen out of favor—for good reason.

CVE-2023-24143: CVE-vulns/setNetworkDiag_NetDiagTracertHop.md at main · Double-q1015/CVE-vulns

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function.