Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2023-2355

Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900.

CVE
Open in Source
#vulnerability#windows
MilleGPG5 5.9.2 Local Privilege Escalation

MilleGPG5 version 5.9.2 suffers from a local privilege escalation vulnerability due to incorrect access controls.

CVE-2023-2335: Security and Compliance - 42Gears Mobility Systems

Plaintext Password in Registry vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows (Registery modules) allows Retrieve Admin user credentials This issue affects surelock windows: from 2.3.12 through 2.40.0.

Google Gets Court Order to Take Down CryptBot That Infected Over 670,000 Computers

Google on Wednesday said it obtained a temporary court order in the U.S. to disrupt the distribution of a Windows-based information-stealing malware called CryptBot and "decelerate" its growth. The tech giant's Mike Trinh and Pierre-Marc Bureau said the efforts are part of steps it takes to "not only hold criminal operators of malware accountable, but also those who profit from its distribution.

MIMEDefang Email Scanner 3.4

MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.

ChurchCRM 4.5.3 SQL Injection

ChurchCRM versions 4.5.3 and below suffer from a remote SQL injection vulnerability.

CVE-2023-24966: IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2023-24966)

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246904.

Paperbug Attack: New Politically-Motivated Surveillance Campaign in Tajikistan

A little-known Russian-speaking cyber-espionage group has been linked to a new politically-motivated surveillance campaign targeting high-ranking government officials, telecom services, and public service infrastructures in Tajikistan. The intrusion set, dubbed Paperbug by Swiss cybersecurity company PRODAFT, has been attributed to a threat actor known as Nomadic Octopus (aka DustSquad). "The

CVE-2023-29255: IBM DB2 for Linux, UNIX and Windows denial of service CVE-2023-29255 Vulnerability Report

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991.

CVE-2023-2331: Security and Compliance - 42Gears Mobility Systems

Unquoted Search Path or Element vulnerability in 42Gears Surelock Windows SureLock Service (NixService.Exe) on Windows allows Privilege Escalation, Local Execution of Code.This issue affects Surelock Windows : 2.40.0.