Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

RHSA-2023:4603: Red Hat Security Advisory: OpenShift Container Platform 4.13.9 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.9 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number...

Red Hat Security Data
Open in Source
#vulnerability#web#mac#linux#red_hat#dos#nodejs#js#kubernetes#vmware#aws#alibaba#ibm#rpm#ssl
CVE-2023-38863: my_iot_vul/COMFAST/CF-XR11/Command_Inject4 at main · TTY-flag/my_iot_vul

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt.

CVE-2023-38840: Erase Master Password in memory after login · Issue #476 · bitwarden/desktop

Bitwarden Windows Desktop v2023.5.1 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process.

WordPress Core 5.6.2 XPath Injection

WordPress Core version 5.6.2 appears to suffer from an xpath injection vulnerability via the log parameter.

Monti Ransomware Returns with New Linux Variant and Enhanced Evasion Tactics

The threat actors behind the Monti ransomware have resurfaced after a two-month break with a new Linux version of the encryptor in its attacks targeting government and legal sectors. Monti emerged in June 2022, weeks after the Conti ransomware group shut down its operations, deliberately imitating the tactics and tools associated with the latter, including its leaked source code. Not anymore.

Over 12,000 Computers Compromised by Info Stealers Linked to Users of Cybercrime Forums

A "staggering" 120,000 computers infected by stealer malware have credentials associated with cybercrime forums, many of them belonging to malicious actors. The findings come from Hudson Rock, which analyzed data collected from computers compromised between 2018 to 2023. "Hackers around the world infect computers opportunistically by promoting results for fake software or through YouTube

North Korean Hackers Suspected in New Wave of Malicious npm Packages

The npm package registry has emerged as the target of yet another highly targeted attack campaign that aims to entice developers into downloading malevolent modules. Software supply chain security firm Phylum told The Hacker News the activity exhibits similar behaviors to that of a previous attack wave uncovered in June, which has since been linked to North Korean threat actors. As many as nine

CVE-2023-40518: LiteSpeed Web Server Release Log

LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers.