ZDI-23-1004: SolarWinds Orion Platform WriteToFile Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability.
ZDI-23-1005: SolarWinds Orion Platform UpdateActionsProperties Incorrect Behavior Order Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability.
ZDI-23-1006: SolarWinds Orion Platform SendHttpRequest Missing Authorization Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability.
USN-6257-1: Open VM Tools vulnerability
It was discovered that Open VM Tools incorrectly handled certain authentication requests. A fully compromised ESXi host can force Open VM Tools to fail to...
Smashing Security podcast #332: Nudes leak at the plastic surgery, Mali mail mix-up, and WormGPT
Dr 90210 finds himself in a sticky situation after his patients' plastic surgery photos AND more end up in the hands of hackers, emails to...
xen-4.16.4-2.fc37
FEDORA-2023-1bd1171606 Packages in this update: xen-4.16.4-2.fc37 Update description: x86/AMD: Zenbleed [XSA-433, CVE-2023-20593]
CVE-2022-31455
A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a...
USN-6256-1: Linux kernel (IoT) vulnerabilities
Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to...
CVE-2022-31456
A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team...
Following claims by two ransomware groups, Yamaha confirms cyberattack
Yamaha Corporation, the world's largest producer of musical equipment, has confirmed that it has suffered a "cybersecurity incident" during which hackers gained unauthorised access to its...