Security
Headlines
HeadlinesLatestCVEs

Tag

#sap

Update now! Microsoft patches 3 actively exploited zero-days

Microsoft has patched a total of 63 vulnerabilities this Patch Tuesday. Make sure you update as soon as you can.

Malwarebytes
#vulnerability#web#android#windows#google#microsoft#dos#perl#zero_day#sap#asp.net
CVE-2023-48013: double-free in gf_filterpacket_del /home/user/fuzzing_gpac/gpac/src/filter_core/filter.c:38:17 · Issue #2612 · gpac/gpac

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c.

Social Media Sleuths, Armed With AI, Are Identifying Dead Bodies

Poverty, fentanyl, and lack of public funding mean morgues are overloaded with unidentified bodies. TikTok and Facebook pages are filling the gap—with AI proving a powerful and controversial new tool.

Alert: Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities

Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023, including three vulnerabilities that have come under active exploitation in the wild. Of the 63 flaws, three are rated Critical, 56 are rated Important, and four are rated Moderate in severity. Two of them have been listed as publicly known at the time of the release. The updates are in

CVE-2023-36719

Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability

The Mirai Confessions: Three Young Hackers Who Built a Web-Killing Monster Finally Tell Their Story

Netflix, Spotify, Twitter, PayPal, Slack. All down for millions of people. How a group of teen friends plunged into an underworld of cybercrime and broke the internet—then went to work for the FBI.

CVE-2023-36719: Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-31754: Optimizely CMS Admin Panel DOM XSS

Optimizely CMS UI before v12.16.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Admin panel.

CVE-2023-41366

Under certain condition SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT, allows an unauthenticated attacker to access the unintended data due to the lack of restrictions applied which may lead to low impact in confidentiality and no impact on the integrity and availability of the application.

CVE-2023-31403

SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB shared folder. Additionally, the files in the folder can be executed or be used by the installation process leading to considerable impact on confidentiality, integrity and availability.