Remote Code Execution in Kardex MLOG
Posted by Patrick Hener on Feb 16. Product: Kardex Mlog MCC. Vendor: Kardex Holding AG. Tested Version: 5.7.12+0-a203c2a213-master...
DSA-5351 webkit2gtk – security update
The following vulnerabilities have been discovered in the WebKitGTK web engine:
DSA-5352 wpewebkit – security update
The following vulnerabilities have been discovered in the WPE WebKit web engine:
DSA-5353 nss – security update
Christian Holler discovered that incorrect handling of PKCS 12 Safe Bag attributes in nss, the Mozilla Network Security Service library, may result in execution of...
Malware authors leverage more attack techniques that enable lateral movement
A new study of over a half-million malware samples collected from various sources in 2022 revealed that attackers put a high value on lateral movement,...
CVE-2021-23980
A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags; p or br in allowed tags; style, title,...
CVE-2020-6817
bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed...
CVE-2020-12413
The Raccoon attack is a timing attack on DHE ciphersuites inherent in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites....
CVE-2019-17003
Scanning a QR code that contained a javascript: URL would have resulted in the JavaScript being executed.
CVE-2021-0187
Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local...