Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2023-5763: Eclipse GlassFish Security Guide, Release 7

In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.

CVE
Open in Source
#xss#vulnerability#web#mac#windows#linux#dos#apache#js#git#java#oracle#intel#perl#ldap#amd#buffer_overflow#acer#auth#ssh#maven#ssl
CVE-2023-31102: 7-Zip / Discussion / Open Discussion: 7-Zip 23.00

7-Zip through 22.01 on Linux allows an integer underflow and code execution via a crafted 7Z archive.

CVE-2023-35896: IBM Content Navigator is vulnerable to Server Side Request Forgery leading to Arbitrary File Read due to Oracle Outside In Technology (CVE-2023-35896)

IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247.

Exploring Software Categories: From Basics to Specialized Applications

By Waqas Software is the backbone of modern technology, serving various purposes across different sectors. The vast array of software… This is a post from HackRead.com Read the original post: Exploring Software Categories: From Basics to Specialized Applications

Should you allow your browser to remember your passwords?

It’s very convenient to store your passwords in your browser. But is it a good idea?

CVE-2023-31027: NVIDIA Support

NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges.

You’d be surprised to know what devices are still using Windows CE

The Arid Viper threat actor is actively trying to install spyware on targeted devices in the Middle East, using fake dating apps as lures.

Microsoft Does Damage Control With Its New 'Secure Future Initiative'

Following a string of serious security incidents, Microsoft says it has a plan to deal with escalating threats from cybercriminals and state-backed hackers.

Red Lion Crimson

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Red Lion Equipment: FlexEdge Gateway, DA50A, DA70A running Crimson Vulnerability: Improper Neutralization of Null Byte or NUL Character 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to truncate passwords configured by the Crimson configuration tool which could create weaker than intended credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Red Lion products are affected: Crimson: v3.2.0053.18 or prior 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF NULL BYTE OR NUL CHARACTER CWE-158 The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered....

Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover

As many as 34 unique vulnerable Windows Driver Model (WDM) and Windows Driver Frameworks (WDF) drivers could be exploited by non-privileged threat actors to gain full control of the devices and execute arbitrary code on the underlying systems. "By exploiting the drivers, an attacker without privilege may erase/alter firmware, and/or elevate [operating system] privileges," Takahiro Haruyama, a