-
Technology & National Security Reflection Series Paper 10: International Responsibility for Hacker-for-Hire Operations: The BellTrox Problem
Anmol Dhawan* About the Author: The author is a 2021 graduate of National Law University, Delhi. Editor’s Note: This post is part of the Reflection Series showcasing exceptional student essays from CCG-NLUD’s Seminar Course on Technology & National Security Law. In the present essay, the author’s contribution serves as an adapted reflection to the following…
-
Introducing the Reflection Series on CCG’s Technology and National Security Law and Policy Seminar Course
In February 2022, CCG-NLUD will commence the latest edition of its Seminar Course on Technology and National Security Law and Policy (“the Seminar Course”). The Seminar Course is offered to interested 4th and 5th year students who are enrolled in the B.A. LL.B. (Hons.) programme at the National Law University, Delhi. The course is set…
-
Technology and National Security Law Reflection Series Paper 5: Legality of Cyber Weapons Under International Law
Siddharth Gautam* About the Author: The author is a 2020 graduate of National Law University, Delhi. Editor’s note: This post is part of the Reflection Series showcasing exceptional student essays from CCG-NLUD’s Seminar Course on Technology & National Security Law. In the present essay, the author reflects upon the following question: What are cyber weapons?…
-
CVE-2024-9939 – WordPress File Upload Path Traversal Vulnerability
CVE ID : CVE-2024-9939 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read files outside of the originally intended directory. Severity:…
-
CVE-2024-45033 – Apache Airflow Fab Provider Insufficient Session Expiration Remote Authentication Bypass
CVE ID : CVE-2024-45033 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider. This issue affects Apache Airflow Fab Provider: before 1.5.2. When user password has been changed with admin CLI, the sessions for that user have not been cleared, leading to insufficient…
-
CVE-2024-54676 – Apache OpenMeetings Object Deserialization Vulnerability
CVE ID : CVE-2024-54676 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html doesn’t specify white/black lists for OpenJPA this leads to possible deserialisation of untrusted data. Users are recommended to upgrade to…
-
CVE-2024-13186 – Apache MinigameCenter Information Leak
CVE ID : CVE-2024-13186 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more… Go to Source