Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2023-35898: Security Bulletin: IBM InfoSphere Information Server is affected by an information disclosure vulnerability (CVE-2023-35898)

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. IBM X-Force ID: 259352.

CVE
Open in Source
#vulnerability#windows#linux#auth#ibm
CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).

CVE-2023-30383: Download for Archer C2 | TP-Link

TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS) when parsing crafted data.

CCOM Events CMS 0.1.02 SQL Injection

CCOM Events CMS version 0.1.02 suffers from a remote SQL injection vulnerability.

Catpops Technobiz CMS 4.0 Cross Site Scripting

Catpops Technobiz CMS version 4.0 suffers from a cross site scripting vulnerability.

Carbiz Buy Sell Car Marketplace Script 1.2.0 Insecure Settings

Carbiz Buy Sell Car Marketplace Script version 1.2.0 appears to leave default credentials installed after installation.

Red Hat Security Advisory 2023-4025-01

Red Hat Security Advisory 2023-4025-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Issues addressed include a bypass vulnerability.

Capitol Matrimonial Banquet Centre 1.5 SQL Injection

Capitol Matrimonial Banquet Centre version 1.5 suffers from a remote SQL injection vulnerability.

Pakistani Entities Targeted in Sophisticated Attack Deploying ShadowPad Malware

An unidentified threat actor compromised an application used by multiple entities in Pakistan to deliver ShadowPad, a successor to the PlugX backdoor that's commonly associated with Chinese hacking crews. Targets included a Pakistan government entity, a public sector bank, and a telecommunications provider, according to Trend Micro. The infections took place between mid-February 2022 and

FakeSG enters the 'FakeUpdates' arena to deliver NetSupport RAT

Categories: Threat Intelligence Tags: fakeupdates Tags: socgholish Tags: netsupport Tags: RAT A new campaign leveraging compromised WordPress sites emerges with another fake browser update. (Read more...) The post FakeSG enters the 'FakeUpdates' arena to deliver NetSupport RAT appeared first on Malwarebytes Labs.