Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2023-41077: About the security content of macOS Ventura 13.6.1

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.1. An app may be able to access protected user data.

CVE
Open in Source
#vulnerability#web#mac#windows#dos#auth#zero_day
CVE-2023-5731: Security Vulnerabilities fixed in Firefox 119

Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119.

CVE-2023-46650: security - Multiple vulnerabilities in Jenkins plugins

Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

CVE-2023-5671: HP Print and Scan Doctor for Windows - Potential Escalation of Privilege

HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability.

CVE-2023-46158: Security Bulletin: IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2023-46158)

IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. IBM X-Force ID: 268775.

CVE-2023-23767: Release notes - GitHub Enterprise Server 3.9 Docs

Incorrect Permission Assignment for Critical Resource in GitHub Enterprise Server that allowed local operating system user accounts to read MySQL connection details including the MySQL password via configuration files. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.7.18, 3.8.11, 3.9.6, and 3.10.3.

Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan

Cisco Talos assesses with high confidence that YoroTrooper, an espionage-focused threat actor first active in June 2022, likely consists of individuals from Kazakhstan based on their use of Kazakh currency and fluency in Kazakh and Russian.

Malvertising Campaign Targets Brazil's PIX Payment System with GoPIX Malware

The popularity of Brazil's PIX instant payment system has made it a lucrative target for threat actors looking to generate illicit profits using a new malware called GoPIX. Kaspersky, which has been tracking the active campaign since December 2022, said the attacks are pulled off using malicious ads that are served when potential victims search for "WhatsApp web" on search engines. "The

Meet Rhysida, a New Ransomware Strain That Deletes Itself

Emerging RaaS operation uses Rhysida ransomware paired with a wicked infostealer called Lumar, researchers warn.

Social Login Flaws in Popular Websites Risked Billions of User Accounts

By Deeba Ahmed The critical API security flaws in the social sign-in and OAuth (Open Authentication) implementations affected high-profile companies like… This is a post from HackRead.com Read the original post: Social Login Flaws in Popular Websites Risked Billions of User Accounts