Please turn on your JavaScript for this page to function normally.

vulnerability disclosure

Eddie Zhang
Vulnerability disclosure: Legal risks and ethical considerations for researchers

In this Help Net Security interview, Eddie Zhang, Principal Consultant at Project Black, explores the complex and often controversial world of vulnerability disclosure in …

open-source software
Open-source vulnerability disclosure: Exploitable weak spots

Flaws in the vulnerability disclosure process of open-source projects could be exploited by attackers to harvest the information needed to launch attacks before patches are …

Linux
GNOME users at risk of RCE attack (CVE-2023-43641)

If you’re running GNOME on you Linux system(s), you are probably open to remote code execution attacks via a booby-trapped file, thanks to a memory corruption …

Curl
Be prepared to patch high-severity vulnerability in curl and libcurl

UPDATE (October 11, 2023, 07:15 a.m. ET): Curl v8.4.0 is out and fixes both CVE-2023-38545, a SOCKS5 heap buffer overflow vulnerability and CVE-2023-38546, a cookie injection …

Exim
Critical zero-days in Exim revealed, only 3 have been fixed

Six zero-days in Exim, the most widely used mail transfer agent (MTA), have been revealed by Trend Micro’s Zero Day Initiative (ZDI) last Wednesday. Due to what seems to …

law
How EU lawmakers can make mandatory vulnerability disclosure responsible

There is a standard playbook and best practice for when an organization discovers or is notified about a software vulnerability: The organization works quickly to fix the …

Stremio
CyFox disclose Stremio vulnerability, developers don’t agree on findings

UPDATE: August 2, 10:21 AM PT The Stremio team published a blog post saying that they’ve received a report from CyFox, but that they did not consider it valid, so they …

vulnerabilities
Owncast, EaseProbe security vulnerabilities revealed

Oxeye has uncovered two critical security vulnerabilities and recommends immediate action to mitigate risk. The vulnerabilities were discovered in Owncast (CVE-2023-3188) and …

GitHub
GitHub introduces private vulnerability reporting for open source repositories

GitHub has announced that its private vulnerability reporting feature for open source repositories is now available to all project owners. General availability The private …

Samsung Exynos
Samsung, Vivo, Google phones open to remote compromise without user interaction

Several vulnerabilities in Samsung’s Exynos chipsets may allow attackers to remotely compromise specific Samsung Galaxy, Vivo and Google Pixel mobile phones with no user …

approved
ICS vulnerabilities: Insights from advisories, how CVEs are reported

SynSaber recently released its second Industrial Control Systems (ICS) Vulnerabilities & CVEs Report. In this Help Net Security video, Ronnie Fabela, CTO at SynSaber, …

Fortinet
FortiOS flaw was exploited to compromise governmental targets (CVE-2022-42475)

A critical vulnerability in FortiOS SSL-VPN (CVE-2022-42475) that Fortinet has issued patches for in November 2022 has been exploited by attackers to compromise governmental …

Don't miss

Cybersecurity news