ZDI-24-1688: Linux Kernel ksmbd PreviousSessionId Race Condition Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is required to exploit this vulnerability. However, only systems...
ZDI-24-1682: GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest...
ZDI-24-1683: Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-privileged code...
ZDI-24-1684: Progress Software WhatsUp Gold GetSqlWhereClause SQL Injection Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The ZDI...
ZDI-24-1685: Progress Software WhatsUp Gold GetOrderByClause SQL Injection Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The ZDI...
ZDI-24-1686: Progress Software WhatsUp Gold GetFilterCriteria SQL Injection Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The ZDI...
ZDI-24-1687: Progress Software WhatsUp Gold GetFilterCriteria SQL Injection Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The ZDI...
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe...
Mitel MiCollab Unauthorized Access (CVE-2024-35286 & CVE-2024-41713)
What is the attack? Two security flaws in Mitel MiCollab, CVE-2024-35286 and CVE-2024-41713, have been found and are being actively exploited, putting many organizations at risk....
Smashing Security podcast #397: Snowflake hackers, and under the influence
A Canadian man is arrested in relation to the Snowflake hacks from earlier this year - after a cybersecurity researcher managed to track his identity,...