Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

HospitalRun 1.0.0-beta macOS Local Root

HospitalRun version 1.0.0-beta local root exploit for macOS.

Packet Storm
Open in Source
#vulnerability#mac#git
CVE-2023-1802: Docker Desktop release notes

In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected.

A whirlwind adventure: Malwarebytes' 15-year journey in business cybersecurity

Categories: Business It's time to buckle up and embark on a whimsical journey through the twists and turns of Malwarebytes' evolution. (Read more...) The post A whirlwind adventure: Malwarebytes' 15-year journey in business cybersecurity appeared first on Malwarebytes Labs.

RHSA-2023:1525: Red Hat Security Advisory: OpenShift Container Platform 4.9.59 security update

Red Hat OpenShift Container Platform release 4.9.59 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-20329: A flaw was found in Mongo. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshaling Go objects into BSON. This flaw allows a malicious user to use a Go object with a specific string to inject additional fields into marshaled documen...

CVE-2022-31890: Securing Open-Source Solutions: A Study of osTicket Vulnerabilities

SQL Injection vulnerability in audit/class.audit.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae via the order parameter to the getOrder function.

BlackBerry Introduces Integrated Solution to Assure Secure Bi-Directional Response Communications During Cyber Incidents

BlackBerry integrates award-winning CylanceGUARD and BlackBerry AtHoc technologies for "combat-ready" cyber event continuity planning and response.

Beware of new YouTube phishing scam using authentic email address

By Deeba Ahmed Watch out for a new YouTube phishing scam and ignore any email from YouTube that claims to provide details about "Changes in YouTube rules and policies | Check the Description." This is a post from HackRead.com Read the original post: Beware of new YouTube phishing scam using authentic email address

CVE-2023-1708: 2023/CVE-2023-1708.json · master · GitLab.org / cves · GitLab

An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim machine.

AppSec Looms Large for RSAC 2023 Innovation Sandbox Finalists

Application security is the dominant trend for this year's startup contest, but AI, blockchain, and compliance are all represented as well.

CVE-2023-1879: Stored XSS @ updatecategory in phpmyfaq

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.