Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2022-38112: DPA 2023.1 Release Notes

In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.

CVE
Open in Source
#sql#xss#vulnerability#web#windows#microsoft#linux#oracle#vmware#auth
Microsoft Innovations for 2023: What to Look Out for This Year

By Owais Sultan This article will highlight some of the most significant Microsoft innovations that could make an impact in 2023 and beyond. This is a post from HackRead.com Read the original post: Microsoft Innovations for 2023: What to Look Out for This Year

Ubuntu Security Notice USN-5814-1

Ubuntu Security Notice 5814-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

OpenText Extended ECM 22.3 File Deletion / LFI / Privilege Escsalation

OpenText Extended ECM versions 16.2.2 through 22.3 suffer from arbitrary file deletion, information disclosure, local file inclusion, and privilege escalation vulnerabilities.

OpenText Extended ECM 22.3 Java Frontend Remote Code Execution

OpenText Extended ECM versions 20.4 through 22.3 suffer from a pre-authentication remote code execution vulnerability in the Java frontend.

OpenText Extended ECM 22.3 cs.exe Remote Code Execution

OpenText Extended ECM versions 20.4 through 22.3 suffer from a pre-authentication remote code execution vulnerability in cs.exe.

CVE-2022-41441: Microsoft Dynamics ERP | End-to-End eProcurement Solution | ReQlogic

Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters.

Gamaredon Group Launches Cyberattacks Against Ukraine Using Telegram

The Russian state-sponsored cyber espionage group known as Gamaredon has continued its digital onslaught against Ukraine, with recent attacks leveraging the popular messaging app Telegram to strike military and law enforcement sectors in the country. "The Gamaredon group's network infrastructure relies on multi-stage Telegram accounts for victim profiling and confirmation of geographic location,

OpenAI’s ChatGPT Can Create Polymorphic Malware

By Waqas The researchers managed to create the Polymorphic malware by bypassing the content filters in ChatGPT by using an authoritative tone. This is a post from HackRead.com Read the original post: OpenAI’s ChatGPT Can Create Polymorphic Malware

CVE-2023-23691: DSA-2023-018: Dell PowerVault ME5 Security Update for a Client Desync Attack Vulnerability

Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability to force a victim's browser to desynchronize its connection with the website, typically leading to XSS and DoS.