ZDI-24-1415: Schneider Electric Zelio Soft 2 ZM2 File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric Zelio Soft 2. User interaction is required to exploit this...
ZDI-24-1416: Schneider Electric EcoStruxure Data Center Expert Missing Authentication Information Disclosure Vulnerability
The vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Data Center Expert. Authentication is not required to exploit...
ZDI-24-1417: Schneider Electric EcoStruxure Data Center Expert Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability
The vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Data Center Expert. Authentication is required to exploit this...
ZDI-24-1418: Trend Micro Cloud Edge REST API Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Cloud Edge. Authentication is not required to exploit this vulnerability....
Smashing Security podcast #389: WordPress vs WP Engine, and the Internet Archive is down
WordPress's emperor, Matt Mullenweg, demands a hefty tribute from WP Engine, and a battle erupts, leaving millions of websites hanging in the balance. Meanwhile, the...
USN-7073-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the...
USN-7072-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the...
USN-7071-1: Linux kernel vulnerability
A security issue was discovered in the Linux kernel. An attacker could possibly use this to compromise the system. This update corrects flaws in the...
Drupal core – Moderately critical – Improper error handling – SA-CORE-2024-002
Project: Drupal core Date: 2024-October-16 Security risk: Moderately critical 13 ∕ 25 AC:Basic/A:None/CI:None/II:All/E:Theoretical/TD:Uncommon Vulnerability: Improper error handling Affected versions: >=10.0 < 10.2.10 Description: Under certain uncommon site...
CISA Urges Improvements in US Software Supply Chain Transparency
CISA released the third edition of SBOM guidelines to enhance software component transparency Read More