Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

CVE-2023-24025: GitHub - PQClean/PQClean at d03da3053491e767ef842deaef43fc5bdb6bc911

CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may allow universal forgeries of digital signatures via a template side-channel attack because of intermediate data leakage of one vector.

CVE
Open in Source
#mac#windows#microsoft#linux#git#c++#ssh#ssl
CVE-2021-29368: Session Fixation in CuppaCMS · Issue #8 · CuppaCMS/CuppaCMS

Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297 on November 12, 2019 allows attackers to gain access to arbitrary user sessions.

CVE-2020-23256: Electron has serious security vulnerability · Issue #1686 · electerm/electerm

An issue was discovered in Electerm 1.3.22, allows attackers to execute arbitrary code via unverified request to electerms service.

Microsoft Innovations for 2023: What to Look Out for This Year

By Owais Sultan This article will highlight some of the most significant Microsoft innovations that could make an impact in 2023 and beyond. This is a post from HackRead.com Read the original post: Microsoft Innovations for 2023: What to Look Out for This Year

CVE-2022-43704: CVE-2022-43704 - Capture-Replay Vulnerability in Sinilink XY-WFT1 Thermostat

The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, allows an attacker to bypass the intended requirement to communicate using MQTT. It is possible to replay Sinilink aka SINILINK521 protocol (udp/1024) commands interfacing directly with the target device. This, in turn, allows for an attack to control the onboard relay without requiring authentication via the mobile application. This might result in an unacceptable temperature within the target device's physical environment.

Critical Manufacturing Sector in the Bull's-eye

Serious security flaws go unpatched, and ransomware attacks increase against manufacturers.

Solaris 10 dtprintinfo / libXm / libXpm Security Issues

Multiple vulnerabilities have been discovered across Common Desktop Environment version 1.6, Motif version 2.1, and X.Org libXpm versions prior to 3.5.15 on Oracle Solaris 10 that can be chained together to achieve root.

OpenText Extended ECM 22.3 File Deletion / LFI / Privilege Escsalation

OpenText Extended ECM versions 16.2.2 through 22.3 suffer from arbitrary file deletion, information disclosure, local file inclusion, and privilege escalation vulnerabilities.

Gamaredon Group Launches Cyberattacks Against Ukraine Using Telegram

The Russian state-sponsored cyber espionage group known as Gamaredon has continued its digital onslaught against Ukraine, with recent attacks leveraging the popular messaging app Telegram to strike military and law enforcement sectors in the country. "The Gamaredon group's network infrastructure relies on multi-stage Telegram accounts for victim profiling and confirmation of geographic location,

What happened in privacy in 2022

In 2022, privacy was upended for millions of people. Here are the biggest stories from last year. (Read more...) The post What happened in privacy in 2022 appeared first on Malwarebytes Labs.