Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVE
Open in Source
#sql#vulnerability#web#mac#windows#apple#google#linux#apache#redis#nodejs#js#git#java#oracle#kubernetes#intel#php#c++#ldap#samba#pdf#graalvm#auth#ssh#docker#maven#kotlin#ssl
CVE-2023-27132: TSPlus 16.0.0.0 Insecure Credential Storage ≈ Packet Storm

TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product.

CVE-2023-27133: TSPlus 16.0.0.0 Insecure Permissions ≈ Packet Storm

TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remote Access product, not the TSplus Remote Work product.

CVE-2023-37537: Knowledge Article View HCL - Customer Support

An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges.

CVE-2023-43959: OffSec’s Exploit Database Archive

An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component.

CVE-2022-3761

OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allows man-in-the-middle attackers to intercept configuration profile download requests which contains the users credentials

Snapshot fuzzing direct composition with WTF

Although there is public research on Direct Composition, only a few discuss fuzzing this feature, and none, to our knowledge, that covers snapshot fuzzing.

CVE-2022-43893: ELAN Microelectronics Miniport touchpad Windows driver denial of service CVE-2021-42205 Vulnerability Report

IBM Security Verify Privilege On-Premises 11.5 could allow a privileged user to cause by using a malicious payload. IBM X-Force ID: 240634.

CVE-2022-22377: Security Bulletin: IBM Security Verify Privilege On-Premise is affected by multiple security vulnerabilities

IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 221827.

CVE-2023-40373: IBM® Db2® is vulnerable to denial of service with a specially crafted query containing common table expressions (CVE-2023-40373)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. IBM X-Force ID: 263574.