Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Ubuntu Security Notice USN-6500-2

Ubuntu Security Notice 6500-2 - USN-6500-1 fixed several vulnerabilities in Squid. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Joshua Rogers discovered that Squid incorrectly handled the Gopher protocol. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Gopher support has been disabled in this update.

Packet Storm
#vulnerability#web#ubuntu#dos#auth
“Amazon got hacked” messages are a false alarm

A message about extra delivery addresses getting added to Amazon accounts has gone wild on social media. Luckily, it's nothing to worry about.

CVE-2023-6194: XXE in Eclipse Memory Analyzer report definition files (#15) · Issues · Eclipse Projects Security / cve-assignement · GitLab

In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.

CVE-2023-6671: Cross-Site Request Forgery on OPEN JOURNAL SYSTEMS

A vulnerability has been discovered on OJS, that consists in a CSRF (Cross-Site Request Forgery) attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.

Interpol Busts Human Traffickers Luring Victims with Fake Online Job Ads

By Deeba Ahmed Operation Storm Makers II, as dubbed by Interpol, witnessed the mobilization of law enforcement agencies from 27 countries. This is a post from HackRead.com Read the original post: Interpol Busts Human Traffickers Luring Victims with Fake Online Job Ads

Insights into your unpatched vulnerabilities

Malwarebytes is offering customers its ThreatDown Vulnerability Assessment solution without extra costs to help reduce attack surfaces and improve their security posture

CVE-2023-5500: VDE-2023-049 | CERT@VDE

This vulnerability allows an remote attacker with low privileges to misuse Improper Control of Generation of Code ('Code Injection') to gain full control of the affected device.

SpyLoan Scandal: 18 Malicious Loan Apps Defraud Millions of Android Users

Cybersecurity researchers have discovered 18 malicious loan apps for Android on the Google Play Store that have been collectively downloaded over 12 million times. "Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all while collecting their victims' personal and

CVE-2023-50465: Releases · monicahq/monica

A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG document uploaded by an authenticated user.