#sap

An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21594: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can resu...

An update for gssntlmssp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25563: A flaw was found in GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication. Multiple out-of-bounds reads occur when decoding NTLM fields and can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of the consistency of the length of internal buffers. Although most app...

One long-awaited security move caused a ripple effect in the cybercrime ecosystem.

Black Hat Asia's NOC team gives a look inside what's really happening on the cyberfront during these events.

Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the component /models/management_model.php.

Relatively few organizations have the resources for security programs and security professionals, so the US cyber agency is putting programs in place to help them, while striving to understand the scope of the problem itself.

The social network's new privacy feature is technically flawed, opt-in, and limited in its functionality. All this for just $8 a month.

A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects the function exec of the file disapprove_delete.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228549 was assigned to this vulnerability.

Microsoft has rolled out Patch Tuesday updates for May 2023 to address 38 security flaws, including one zero-day bug that it said is being actively exploited in the wild. Trend Micro's Zero Day Initiative (ZDI) said the volume is the lowest since August 2021, although it pointed out that "this number is expected to rise in the coming months." Of the 38 vulnerabilities, six are rated Critical and

Categories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: CVE-2023-29336 Tags: CVE-2023-24932 Tags: bootkit Tags: CVE-2023-29325 Tags: Outlook Tags: preview Tags: CVE-2023-24941 Tags: Apple Tags: Cisco Tags: Google Tags: Android Tags: VMWare Tags: SAP Tags: Mozilla Microsoft's Patch Tuesday round up for May 2023 includes patches for three zero-day vulnerabilities and one critical remote code execution vulnerability (Read more...) The post Update now! May 2023 Patch Tuesday tackles three zero-days appeared first on Malwarebytes Labs.