
Tag

#windows

XoopsCore25 2.5.11 Cross Site Scripting

XoopsCore25 version 2.5.11 suffers from a cross site scripting vulnerability.

Packet Storm
#xss #vulnerability #web #mac #windows #apple #google #git #php #auth #chrome #webkit
ManageEngine ADManager Plus Recovery Password Disclosure

ManageEngine ADManager Plus versions prior to build 7183 suffer from a recovery password disclosure vulnerability.

Splunk 9.0.4 Information Disclosure

Splunk version 9.0.4 suffers from an information disclosure vulnerability.

GHSA-g74q-5xw3-j7q9: Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability

# Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability

## Executive summary

Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET 6.0, ASP.NET 7.0, and ASP.NET 8.0. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.

A vulnerability exists in ASP.NET applications using SignalR where a malicious client can cause a denial of service.

## Announcement

The announcement for this issue can be found at https://github.com/dotnet/announcements/issues/295

### Mitigation factors

Microsoft has not identified any mitigating factors for this vulnerability.

## Affected software

* Any .NET 6.0 application running on .NET 6.0.26 or earlier.
* Any .NET 7.0 application running on .NET 7.0.15 or earlier.
* Any .NET 8.0 application running on .NET 8.0.1 or ...

First Microsoft Patch Tuesday zero-day of 2024 disclosed as part of group of 75 vulnerabilities

Although considered of moderate risk, one of the vulnerabilities is being actively exploited in the wild — CVE-2024-21351, a security feature bypass vulnerability in Windows SmartScreen.

Ivanti VPN Flaws Exploited by DSLog Backdoor and Crypto Miners

By Deeba Ahmed

Ivanti has released patches for vulnerabilities found in its enterprise VPN appliances, including two flagged as exploited zero-days… This is a post from HackRead.com.

Remote Monitoring & Management software used in phishing attacks

Threat actors are abusing commercial remote software like AnyDesk to phish users and defraud them.

CVE-2024-21362: Windows Kernel Security Feature Bypass Vulnerability

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could bypass the Windows Code Integrity Guard (CIG).

CVE-2024-21377: Windows DNS Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

CVE-2024-21404: .NET Denial of Service Vulnerability

**The following mitigating factors might be helpful in your situation:** Only .NET services running on non-Windows platforms are affected by this vulnerability. If your web server is running on Windows, an attacker cannot use this DoS vector to bring down your web server.