Security
Headlines
HeadlinesLatestCVEs

Tag

#oracle

The Mysterious Shortwave Radio Station Stoking US-Russia Nuclear Fears

A popular shortwave Russian radio station dubbed “UVB-76” has been an enigma for decades. But its recent messages have turned it into a tool for Kremlin saber-rattling.

Wired
Open in Source
#web#mac#oracle#intel#auth
Europol Denies $50K Reward for Qilin Ransomware, Calls It a Scam

Europol has confirmed that a widely reported $50,000 reward for information on the Qilin ransomware group is a…

ReVault! When your SoC turns against you… deep dive edition

Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”.

Ex-NSA Chief Paul Nakasone Has a Warning for the Tech World

At the Defcon security conference in Las Vegas on Friday, Nakasone tried to thread the needle in a politically fraught moment while hinting at major changes for the tech community around the corner.

Navigating Cybersecurity Risks in Crypto-Backed Lending

As crypto-backed lending gathers momentum among institutions and everyday users, cybersecurity shadows every new transaction. Billions in digital…

GHSA-g693-v3jr-8hcr: Duplicate Advisory: `ed25519-dalek` Double Public Key Signing Function Oracle Attack

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w5vr-6qhr-36cc. This link is maintained to preserve external references. ### Original Description The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key.

GHSA-p9qm-p942-q3w5: XWiki Platform vulnerable to SQL injection through XWiki#searchDocuments API

### Impact It's possible to execute any SQL query in Oracle by using the function like [DBMS_XMLGEN or DBMS_XMLQUERY](https://docs.oracle.com/en/database/oracle/oracle-database/19/arpls/DBMS_XMLGEN.html). The XWiki#searchDocuments APIs are not sanitizing the query at all and even if they force a specific select, Hibernate allows using any native function in an HQL query (for example in the WHERE). ### Patches This has been patched in 16.10.6 and 17.3.0-rc-1. ### Workarounds There is no known workaround, other than upgrading XWiki. ### References https://jira.xwiki.org/browse/XWIKI-22728 ### For more information If you have any questions or comments about this advisory: * Open an issue in [Jira XWiki.org](https://jira.xwiki.org/) * Email us at [Security Mailing List](mailto:security@xwiki.org)

Microsoft Put Older Versions of SharePoint on Life Support. Hackers Are Taking Advantage

Multiple hacking groups—including state actors from China—have targeted a vulnerability in older, on-premises versions of the file-sharing tool after a flawed attempt to patch it.

Oracle Fixes Critical Bug in Cloud Code Editor

The bug allowed an attacker an easy way to compromise full suite of developer tools in Oracle Cloud Infrastructure.

eSIM Bug in Millions of Phones Enables Spying, Takeover

eSIMs around the world may be fundamentally vulnerable to physical and network attacks because of a 6-year-old Oracle vulnerability in technology that underlies billions of cards.