Security
Headlines
HeadlinesLatestCVEs

Latest News

Facebook Asks Supreme Court to Dismiss Cambridge Analytica Lawsuit

Meta has maintained that Facebook did not mislead investors by not including mention of the Cambridge Analytica scandal in its forward-looking risk disclosures, but the plaintiffs say it was a glaring omission.

DARKReading
#auth
Microsoft Bookings Flaw Enables Account Hijacking and Impersonation

A vulnerability in Microsoft Bookings can expose your organization to serious security risks. Learn how attackers can exploit…

HASOMED Elefant / Elefant Software Updater Data Exposure / Privilege Escalation

HASOMED Elefant versions prior to 24.04.00 and Elefant Software Updater versions prior to 1.4.2.1811 suffer from having an unprotected exposed firebird database, unprotected FHIR API, multiple local privilege escalation, and hardcoded service password vulnerabilities.

Ubuntu Security Notice USN-7099-1

Ubuntu Security Notice 7099-1 - Andy Boothe discovered that the Networking component of OpenJDK 21 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. It was discovered that the Hotspot component of OpenJDK 21 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information.

Ubuntu Security Notice USN-7098-1

Ubuntu Security Notice 7098-1 - Andy Boothe discovered that the Networking component of OpenJDK 17 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. It was discovered that the Hotspot component of OpenJDK 17 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information.

Ubuntu Security Notice USN-7097-1

Ubuntu Security Notice 7097-1 - Andy Boothe discovered that the Networking component of OpenJDK 11 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. It was discovered that the Hotspot component of OpenJDK 11 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information.

Ubuntu Security Notice USN-7096-1

Ubuntu Security Notice 7096-1 - Andy Boothe discovered that the Networking component of OpenJDK 8 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. It was discovered that the Hotspot component of OpenJDK 8 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information.

Ubuntu Security Notice USN-7094-1

Ubuntu Security Notice 7094-1 - It was discovered that QEMU incorrectly handled memory during certain VNC operations. A remote attacker could possibly use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that QEMU incorrectly handled certain memory copy operations when loading ROM contents. If a user were tricked into running an untrusted kernel image, a remote attacker could possibly use this issue to run arbitrary code. This issue only affected Ubuntu 14.04 LTS.

Debian Security Advisory 5807-1

Debian Linux Security Advisory 5807-1 - Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in denial of service or potentially the execution of arbitrary code.

WSO2 4.0.0 / 4.1.0 / 4.2.0 Shell Upload

WS02 versions 4.0.0, 4.1.0, and 4.2.0 are susceptible to remote code execution via an arbitrary file upload vulnerability.