Security
Headlines
HeadlinesLatestCVEs

Tag

#sap

SAP Enable Now Manager 10.6.5 Build 2804 Cloud Edition CSRF / XSS / Redirect

SAP Enable Now Manager version 10.6.5 Build 2804 Cloud Edition suffers from cross site request forgery, cross site scripting, and open redirection vulnerabilities.

Packet Storm
Open in Source
#xss#csrf#vulnerability#web#ios#js#java#asus#auth#sap
CVE-2023-0809: Version 2.0.16 released.

In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.

Apple, Microsoft, and Google Just Fixed Multiple Zero-Day Flaws

Plus: Mozilla patches 10 Firefox bugs, Cisco fixes a vulnerability with a rare maximum severity score, and SAP releases updates to stamp out three highly critical flaws.

The security pitfalls of social media sites offering ID-based authentication

Two notable vulnerabilities in Google Chrome should be patched asap, and an allegedly new ransomware-as-a-service group.

CVE-2023-40307: Privileges Memory Corruption (Out-of-bound write)

An attacker with standard privileges on macOS when requesting administrator privileges from the application can submit input which causes a buffer overflow resulting in a crash of the application. This could make the application unavailable and allow reading or modification of data.

Snapchat Safety for Parents: How to Safeguard Your Child

By Owais Sultan Snapchat is a platform that may not be suitable for everyone, especially if the user is an underage child. So, what can you do? This is a post from HackRead.com Read the original post: Snapchat Safety for Parents: How to Safeguard Your Child

Fake Bitwarden Password Manager Website Drops Windows ZenRAT

By Deeba Ahmed If you’ve installed Bitwarden Password Manager recently, ensure that you downloaded it from its official website and not… This is a post from HackRead.com Read the original post: Fake Bitwarden Password Manager Website Drops Windows ZenRAT

JetBrains Patches Severe TeamCity Flaw Allowing RCE and Server Hijacking

By Deeba Ahmed JetBrains has fixed this flaw in version 2023.05.4 of the product released on September 18. It also released a security advisory but didn't disclose technical details of the vulnerability for now. This is a post from HackRead.com Read the original post: JetBrains Patches Severe TeamCity Flaw Allowing RCE and Server Hijacking

RHSA-2023:5362: Red Hat Security Advisory: nodejs:18 security, bug fix, and enhancement update

An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25883: A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service. * ...