Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2023-38146: Windows Themes Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker would need to convince a targeted user to load a Windows Themes file on a vulnerable system with access to an attacker-controlled SMB share.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#rce#samba#Windows Themes#Security Vulnerability
CVE-2023-38144: Windows Common Log File System Driver Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-38150: Windows Kernel Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-38161: Windows GDI Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-35355: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now

Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild. Tracked as CVE-2023-4863, the issue has been described as a case of heap buffer overflow that resides in the WebP image format that could result in arbitrary code execution or a crash. Apple Security Engineering and Architecture (SEAR

Update Chrome now! Google patches critical vulnerability being exploited in the wild

Categories: Exploits and vulnerabilities Categories: News Tags: Google Tags: Chrome Tags: CVE-2023-4863 Tags: WebP Tags: buffer overflow Tags: 116.0.5845.187/.188 Chrome users are being urged to patch a critical vulnerability for which an exploit is available. (Read more...) The post Update Chrome now! Google patches critical vulnerability being exploited in the wild appeared first on Malwarebytes Labs.

Microsoft Teams used to deliver DarkGate Loader malware

Categories: Business Categories: News Tags: Microsoft Teams Tags: DarkGate Tags: Loader Tags: Trojan Tags: Sharepoint Tags: AutoIt Researchers have found a new distribution method for the DarkGate Loader which circumvents the security features in Microsoft Teams. (Read more...) The post Microsoft Teams used to deliver DarkGate Loader malware appeared first on Malwarebytes Labs.

CVE-2023-38878: GitHub - devcode-it/openstamanager: Il software gestionale open source per l'assistenza tecnica e la fatturazione

A reflected cross-site scripting (XSS) vulnerability in DevCode OpenSTAManager versions 2.4.24 to 2.4.47 may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload into the 'error' and 'error_description' parameters of 'oauth2.php'.

CVE-2023-35674

In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.