Samsung Zero-Day Vuln Under Active Exploit, Google Warns

If exploited, bad actors can execute arbitrary code while evading detection thanks to a renamed process.

DARKReading
OPA for Windows Vulnerability Exposes NTLM Hashes

The vulnerability affects all versions prior to v0.68.0 and highlights the risks organizations assume when consuming open source software and code.

The severity of the Elevation of Privilege – Windows Kernel-Mode Driver (CVE-2024-35250) vulnerability has increased

The severity of the Elevation of Privilege – Windows Kernel-Mode Driver (CVE-2024-35250) vulnerability has increased. This vulnerability was fixed as part of the June Microsoft Patch Tuesday. As in the case of the CVE-2024-30090 vulnerability, it was discovered by a researcher with the nickname Angelboy from DEVCORE. And it also affects the Kernel Streaming framework, […]

GHSA-3vpc-4p9p-47hc: curl_cffi bundles a version of libcurl affected by High Severity vulnerability

### Summary

curl_cffi is potentially affected by a High Severity vulnerability (CVE-2023-38545) in libcurl<8.4.0.

### Details

HIGH severity vulnerability in curl and libcurl: [announcement](https://github.com/curl/curl/discussions/12026#discussioncomment-7195548). Details are still unknown, but it seems it will be a major issue, as it is advertised by the curl developers as "_probably the worst curl security flaw in a long time_". A patched version (8.4.0) and details will be published around 06:00 UTC on October 11. curl_cffi wheels on PyPI ship with libcurl 7.84.0.

### PoC

[https://inspector.pypi.io/project/curl-cffi/0.5.10b2/packages/56/ae/eb7d39ad234f1f44650b910757d5aa696feff413d327c8328223ce78cb76/curl_cffi-0.5.10b2-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl/curl_cffi/include/curl/curlver.h](https://inspector.pypi.io/project/curl-cffi/0.5.10b2/packages/56/ae/eb7d39ad234f1f44650b910757d5aa696feff413d327c8328223ce78cb76/curl_cffi-0.5.10b2-cp37-abi3-manylinux_2_17_aarch64.manylinux2014...

GHSA-wxw9-6pv9-c3xc: Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out

### Impact

During an explicit sign-out, the server session is not fully terminated.

GHSA-5955-cwv4-h7qh: Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice

### Impact

There is a potential risk of code execution for Backoffice users when they "preview" SVG files in full screen mode.

### Workarounds

Server-side file validation is available to strip script tags from a file's content during the file upload process.

GHSA-4gp9-ff99-j6vj: Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API

### Impact

An improper access control issue has been identified, allowing low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the settings section.

Swarms of Fake WordPress Plug-ins Infect Sites With Infostealers

GoDaddy flagged a ClickFix campaign that infected 6,000 sites in a one-day period, with attackers using stolen admin credentials to distribute malware.

Debian Security Advisory 5794-1

Debian Linux Security Advisory 5794-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or information disclosure.