Riasztások

Talos Group- Cisco blog · 3 óra 2 perc

Black Hat Asia 2023 NOC: XDR (eXtended Detection and Response) in Action

The core mission in the Network Operations Center (NOC) is network resilience. We also provide integrated security, visibility and automation: a SOC (Security Operations Center) inside the NOC, with… Read more on Cisco Blogs

Talos Group- Cisco blog · 3 óra 2 perc

Black Hat Asia 2023 NOC: Connecting Singapore

In this blog about the design, deployment and automation of the Black Hat Asia network, we have the following sections:

NVD: all CVE · 3 óra 47 perc

CVE-2022-39071

There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user permission.
NVD: all CVE · 3 óra 47 perc

CVE-2022-39074

There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission.
NVD: all CVE · 3 óra 47 perc

CVE-2022-39075

There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could delete some system files without user permission.
NVD: all CVE · 3 óra 47 perc

CVE-2023-2952

XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file
NVD: all CVE · 3 óra 47 perc

CVE-2023-29726

The Call Blocker application 6.6.3 for Android incorrectly opens a key component that an attacker can use to inject large amounts of dirty data into the application's database. When the application starts, it loads the data from the database into memory. Once the attacker injects too much data, the application triggers an OOM error and crashes, resulting in a persistent denial of service.
NVD: all CVE · 3 óra 47 perc

CVE-2023-29727

The Call Blocker application 6.6.3 for Android allows unauthorized applications to use exposed components to delete data stored in its database that is related to user privacy settings and affects the implementation of the normal functionality of the application. An attacker can use this to cause an escalation of privilege attack.
NVD: all CVE · 3 óra 47 perc

CVE-2023-29728

The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data, resulting in a severe elevation of privilege attack.
NVD: all CVE · 3 óra 47 perc

CVE-2023-29738

An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause code execution and escalation of Privileges via the database files.
NVD: all CVE · 3 óra 47 perc

CVE-2023-29739

An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component.
NVD: all CVE · 3 óra 47 perc

CVE-2023-29740

An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause a denial of service attack by manipulating the database.
NVD: all CVE · 3 óra 47 perc

CVE-2023-29741

An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause an escalation of privileges attack by manipulating the database.
NVD: all CVE · 3 óra 47 perc

CVE-2023-29743

An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database.
NVD: all CVE · 4 óra 47 perc

CVE-2023-34151

A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).
NVD: all CVE · 4 óra 47 perc

CVE-2023-34152

A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.
NVD: all CVE · 4 óra 47 perc

CVE-2023-34153

A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.
NVD: all CVE · 4 óra 47 perc

CVE-2023-2930

Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
NVD: all CVE · 4 óra 47 perc

CVE-2023-2931

Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)