Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

CVE-2023-36621: Stored XSS & Privilege Escalation in Boomerang Parental Control App

An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. The child can use Safe Mode to remove all restrictions temporarily or uninstall the application without the parents noticing.

CVE
Open in Source
#xss#vulnerability#web#android#google#microsoft#linux#js#git#perl#samsung#auth#asp.net
CVE-2023-31102: 7-Zip / Discussion / Open Discussion: 7-Zip 23.00

7-Zip through 22.01 on Linux allows an integer underflow and code execution via a crafted 7Z archive.

CVE-2023-35896: IBM Content Navigator is vulnerable to Server Side Request Forgery leading to Arbitrary File Read due to Oracle Outside In Technology (CVE-2023-35896)

IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247.

CVE-2023-42029: Security Bulletin: "Cross Site Scripting" affects IBM CICS TX Standard and IBM CICS TX Advanced

IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059.

CVE-2023-42027: Security Bulletin: "Cross Site Request Forgery" affects IBM CICS TX Advanced and IBM CICS TX Standard

IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057.

Exploring Software Categories: From Basics to Specialized Applications

By Waqas Software is the backbone of modern technology, serving various purposes across different sectors. The vast array of software… This is a post from HackRead.com Read the original post: Exploring Software Categories: From Basics to Specialized Applications

CVE-2023-42299: heap-buffer-overflow in file src/gif.imageio/gifinput.cpp, line 368 · Issue #3840 · AcademySoftwareFoundation/OpenImageIO

Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function.

CVE-2023-31027: NVIDIA Support

NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges.

Iran’s MuddyWater Group Targets Israelis with Fake Memo Spear-Phishing

By Deeba Ahmed MuddyWater (aka Mango Sandstorm and Static Kitten) is a cyberespionage group that's believed to be active since 2017. This is a post from HackRead.com Read the original post: Iran’s MuddyWater Group Targets Israelis with Fake Memo Spear-Phishing

CVE-2023-5408

A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster.