Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Windows Kernel Race Conditions

The Microsoft Windows Kernel has an issue with bad locking in registry virtualization that can result in race conditions.

Packet Storm
Open in Source
#windows#microsoft
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1 Vulnerabilities: Improper Restriction of XML External Entity Reference, Time-of-check Time-of-use (TOCTOU) Race Condition, Command Injection, Missing Encryption of Sensitive Data, Cross-site Scripting, Improper Restriction of Operations within the Bounds of a Memory Buffer, Use After Free, Improper Input Validation, Out-of-bounds Write, Out-of-bounds Read, Infinite Loop, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), Allocation of Resources Without Limits or ...

CVE-2023-1904: Security Advisory 2023-12

In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.

CVE-2023-49646: ZSB 23062

Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access.

CVE-2023-43586: ZSB 23059

Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.

CVE-2023-50444: BLOG PRIM'X

By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force.

Malvertisers zoom in on cryptocurrencies and initial access

Threat actors are increasingly placing malicious ads for Zoom within Google searches.

PDF24 Creator 11.15.1 Local Privilege Escalation

PDF24 Creator versions 11.15.1 and below suffer from a local privilege escalation vulnerability via the MSI installer.

One Identity Password Manager Kiosk Escape Privilege Escalation

One Identity Password Manager versions prior to 5.13.1 suffer from a kiosk escape privilege escalation vulnerability.