Tag
Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. A local attacker could potentially exploit this vulnerability, leading to unauthorized access to sensitive data. Successful exploitation may result in the compromise of confidential user information.
Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allows attackers to breach the geo-fence and fly into no-fly zones.
Microsoft has patched a total of 63 vulnerabilities this Patch Tuesday. Make sure you update as soon as you can.
The new generation of hardware authentication key includes support for cryptographic passkeys as Google pushes adoption of the more secure login alternative.
Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
By Waqas Domain squatting can lead you to malicious websites, and it might be too late to realize what actually happened. This is a post from HackRead.com Read the original post: Domain Squatting and Brand Hijacking: A Silent Threat to Digital Enterprises
By Waqas Casio's data breach exposed a well-known secret: no one is immune to cyberattacks - It also exposes the highly vulnerable state of databases. This is a post from HackRead.com Read the original post: Lesson from Casio’s Data Breach: Why Database Security Still a Major Challenge for Businesses?
Intel has released fixes to close out a high-severity flaw codenamed Reptar that impacts its desktop, mobile, and server CPUs. Tracked as CVE-2023-23583 (CVSS score: 8.8), the issue has the potential to "allow escalation of privilege and/or information disclosure and/or denial of service via local access." Successful exploitation of the vulnerability could also permit a bypass of the CPU's
Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023, including three vulnerabilities that have come under active exploitation in the wild. Of the 63 flaws, three are rated Critical, 56 are rated Important, and four are rated Moderate in severity. Two of them have been listed as publicly known at the time of the release. The updates are in
### Summary A denial of service vulnerability in JSON-Java was discovered by [ClusterFuzz](https://google.github.io/clusterfuzz/). A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. There are two issues: (1) the parser bug can be used to circumvent a check that is supposed to prevent the key in a JSON object from itself being another JSON object; (2) if a key does end up being a JSON object then it gets converted into a string, using `\` to escape special characters, including `\` itself. So by nesting JSON objects, with a key that is a JSON object that has a key that is a JSON object, and so on, we can get an exponential number of `\` characters in the escaped string. ### Severity High - Because this is an already-fixed DoS vulnerability, the only remaining impact possible is for existing binaries that have not been updated yet. ### Proof of Concept ```java package orgjsonbug; import org.json.JSONObject; /** * Illus...