Security
Headlines
HeadlinesLatestCVEs

Tag

#oracle

Zimbra remote code execution vulnerability actively exploited in the wild

Mitigation guidance provided while a patch is being developed

PortSwigger
Open in Source
#vulnerability#web#ubuntu#linux#red_hat#oracle#rce#samba#zero_day
Apple Safari Safest, Google Chrome Riskiest Browser of 2022- Study

By Waqas According to researchers, Google Chrome, Mozilla Firefox, and Microsoft Edge browser contained the most vulnerabilities in 2022. This is a post from HackRead.com Read the original post: Apple Safari Safest, Google Chrome Riskiest Browser of 2022- Study

Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite

A severe remote code execution vulnerability in Zimbra's enterprise collaboration software and email platform is being actively exploited, with no patch currently available to remediate the issue. The shortcoming, assigned CVE-2022-41352, carries a critical-severity rating of CVSS 9.8, providing a pathway for attackers to upload arbitrary files and carry out malicious actions on affected

The Top 5 Cloud Vulnerabilities You Should Know Of

By Waqas After the pandemic hit in 2020 cloud computing gained a lot of adoption, globally. The velocity of cloud… This is a post from HackRead.com Read the original post: The Top 5 Cloud Vulnerabilities You Should Know Of

CVE-2022-37461: Trustwave Security Advisories

Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after the error subdirectory to the /vitrea-view/error/ subdirectory, or the (2) groupID, (3) offset, or (4) limit parameter to an Administrative Panel (Group and Users) page. There is a risk of an attacker retrieving patient information.

With the Software Supply Chain, You Can't Secure What You Don't Measure

Reports to the National Vulnerability Database jumped in 2022, but we should pay just as much attention to the flaws that are not being reported to NVD, including those affecting the software supply chain.

Cyera Survey Finds One in Three Respondents Want to Minimize Cloud Data Risk

Multiple providers say 'cloud data sprawl' makes managing cloud data risk a priority initiative within the next 12 months.

Rancher stored sensitive values in plaintext, exposed Kubernetes clusters to takeover

Maintainers patch vulnerability and offer mitigation advice over bug that affects Rancher-owned objects

Ubuntu Security Notice USN-5640-1

Ubuntu Security Notice 5640-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service.