Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

New Strain of Rorschach Ransomware Targeting US- Firms

By Deeba Ahmed Rorschach ransomware boasts advanced encryption technology and can spread automatically on the machine if executed on a domain controller.  This is a post from HackRead.com Read the original post: New Strain of Rorschach Ransomware Targeting US- Firms

HackRead
Open in Source
#mac#windows#amazon#linux#chrome
CVE-2023-28069: DSA-2022-258: Dell Streaming Data Platform Security Update for Multiple Third-Party Component Vulnerabilities

Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.

RHSA-2023:1639: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.3 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.3 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition. * CVE-2022-41725: A flaw was found in Go, where it is vulnerable to a denial of service caused by a...

How to Teach Your Child Coding: A Gift for Their Digital Future

By Owais Sultan Let's code, kids! This is a post from HackRead.com Read the original post: How to Teach Your Child Coding: A Gift for Their Digital Future

CVE-2023-0835: markdown-pdf 11.0.0 - Local File Read via Server Side XSS | Advisories | Fluid Attacks

markdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the Markdown content entered by the user.

CVE-2023-0357: GitHub - helpyio/helpy: Helpy is a modern, open source helpdesk customer support application. Features include knowledgebase, community discussions and support tickets integrated with email.

Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. This is possible because the application does not correctly validate the attachments sent by customers in the ticket.

CVE-2023-0480: VitalPBX 3.2.3-8 - Account Takeover via CSRF | Advisories | Fluid Attacks

VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. This is possible because the application is vulnerable to CSRF.

CVE-2023-0486: VitalPBX 3.2.3-8 - Account Takeover via Reflected XSS | Advisories | Fluid Attacks

VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance's administrator account via a malicious link. This is possible because the application is vulnerable to XSS.

CVE-2023-0325: Uvdesk 1.1.1 - Stored Cross-Site Scripting | Advisories | Fluid Attacks

Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the ticket.

CVE-2023-0265: Uvdesk 1.1.1 - RCE via Insecure File Upload | Advisories | Fluid Attacks

Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.