Security
Headlines
HeadlinesLatestCVEs

Tag

#oracle

You Really Need to Update Firefox and Android Right Now

January saw a slew of security patches for iOS, Chrome, Windows, and more.

Wired
Open in Source
#vulnerability#ios#android#windows#google#microsoft#oracle#rce#vmware#samsung#auth#chrome#firefox#sap
Ubuntu Security Notice USN-5823-3

Ubuntu Security Notice 5823-3 - USN-5823-1 fixed vulnerabilities in MySQL. Unfortunately, 8.0.32 introduced a regression in MySQL Router preventing connections from PyMySQL. This update reverts most of the changes in MySQL Router to 8.0.31 until a proper fix can be found.

Microsoft Urges Customers to Secure On-Premises Exchange Servers

Microsoft is urging customers to keep their Exchange servers updated as well as take steps to bolster the environment, such as enabling Windows Extended Protection and configuring certificate-based signing of PowerShell serialization payloads. "Attackers looking to exploit unpatched Exchange servers are not going to go away," the tech giant's Exchange Team said in a post. "There are too many

CVE-2023-23949: Support Content Notification - Support Portal - Broadcom support portal

An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser.

Ubuntu Security Notice USN-5823-2

Ubuntu Security Notice 5823-2 - USN-5823-1 fixed a vulnerability in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to MySQL 5.7.41.

Ubuntu Security Notice USN-5823-1

Ubuntu Security Notice 5823-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.32 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.41. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

CVE-2023-24040: vulns/HNS-2022-01-dtprintinfo.txt at main · hnsecurity/vulns

** UNSUPPORTED WHEN ASSIGNED ** dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser of lpstat (an invoked external command) during listing of the names of available printers. This allows low-privileged local users to inject arbitrary printer names via the $HOME/.printers file. This injection allows those users to manipulate the control flow and disclose memory contents on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Threat Round up for January 13 to January 20

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 13 and Jan. 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

CVE-2022-38112: DPA 2023.1 Release Notes

In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.