Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

Update Now: Microsoft Releases Patches for 3 Actively Exploited Windows Vulnerabilities

Microsoft on Tuesday released security updates to address 75 flaws spanning its product portfolio, three of which have come under active exploitation in the wild. The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based Edge browser over the past month. Of the 75 vulnerabilities, nine are rated Critical and 66 are rated Important in severity. 37 out of 75 bugs are

The Hacker News
Open in Source
#sql#vulnerability#web#android#mac#windows#apple#google#microsoft#ubuntu#linux#debian#cisco#red_hat#dos#git#oracle#intel#rce#samba#vmware#lenovo#amd#samsung#auth#ibm#dell#zero_day#chrome#firefox#sap#The Hacker News
CVE-2023-25725: The Reliable, High Performance TCP/HTTP Load Balancer

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.

Password manager security: Which is the right option for me?

The first guide of our two-part series helps consumers choose the best way to manage their login credentials

Cisco RV Series Authentication Bypass / Command Injection

This Metasploit module exploits two vulnerabilities, a session ID directory traversal authentication bypass (CVE-2022-20705) and a command injection vulnerability (CVE-2022-20707), on Cisco RV160, RV260, RV340, and RV345 Small Business Routers, allowing attackers to execute arbitrary commands with www-data user privileges. This access can then be used to pivot to other parts of the network. This module works on firmware versions 1.0.03.24 and below.

Red Hat Security Advisory 2023-0752-01

Red Hat Security Advisory 2023-0752-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.

Debian Security Advisory 5347-1

Debian Linux Security Advisory 5347-1 - Bryan Gonzalez discovered that the PNG support in Imagemagick could be tricked into embedding the content of an arbitrary file when converting an image file.

Red Hat Security Advisory 2023-0742-01

Red Hat Security Advisory 2023-0742-01 - Red Hat Update Infrastructure offers a highly scalable, highly redundant framework that enables you to manage repositories and content. It also enables cloud providers to deliver content and updates to Red Hat Enterprise Linux instances. Issues addressed include a bypass vulnerability.

CVE-2023-24161: VulnerabilityProjectRecords/setWebWlanIdx.md at main · iceyjchen/VulnerabilityProjectRecords

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function.

CVE-2023-24160: VulnerabilityProjectRecords/setPasswordCfg_admuser.md at main · iceyjchen/VulnerabilityProjectRecords

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.

CVE-2023-24159: VulnerabilityProjectRecords/setPasswordCfg_admpass.md at main · iceyjchen/VulnerabilityProjectRecords

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function.