Schneier on Security Another rare security + squid story: The woman—who has only been identified by her surname, Wang—was having a meal with friends at a hotpot restaurant in Kunming, a city in southwest China. When everyone’s selections arrived at the table, she posted a photo of the spread on the Chinese social media platform…
Weiterlesen
Open Source Security Posted by Alan Coopersmith on Dec 08 https://github.com/fish-shell/fish-shell/security/advisories/GHSA-2j9r-pm96-wp4f reports: Package: fish-shell Affected versions: < 3.6.2 Patched versions: 3.6.2 CVSS: 3.9 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L) CVE ID: CVE-2023-49284 Impact: fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than… Read…
Weiterlesen
The Hacker News A collection of security flaws in the firmware implementation of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm impact USB and IoT modems as well as hundreds of smartphone models running Android and iOS. Of the 14 flaws – collectively called 5Ghoul (a combination of „5G“ and „Ghoul“) – 10…
Weiterlesen
Forgejo Releases Post Content Read More
heise Security Betroffene Kommunen und deren Bürger werden nach dem verheerenden Angriff auf die Südwestfalen-IT noch wochenlang Einschränkungen hinnehmen müssen. Read More
QNAP Systems, Inc. – Network Attached Storage (NAS) An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploit … More Read More
QNAP Systems, Inc. – Network Attached Storage (NAS) Two buffer copy without checking size of input vulnerabilities have been reported to affect several QNAP operating system versions … More Read More
QNAP Systems, Inc. – Network Attached Storage (NAS) Multiple vulnerabilities have been reported in Samba, which affect certain QNAP operating system versions. We have already fixed t … More Read More
The Hacker News The North Korean threat actor known as Kimsuky has been observed targeting research institutes in South Korea as part of a spear-phishing campaign with the ultimate goal of distributing backdoors on compromised systems. „The threat actor ultimately uses a backdoor to steal information and execute commands,“ the AhnLab Security Emergency Response Center (ASEC) said in an Read More
Qualys Security Blog OpenCms is a popular open-source Java framework developed by Alkacon Software. OpenCms provides a platform for users to design and develop web applications. The latest version of the framework is 16.0. About CVE-2023-42344 CVE-2023-42344 is a critical vulnerability where users can execute code without authentication. An attacker can execute malicious requests on the…
Weiterlesen
