Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2023-5739: HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware – Potential Buffer Overflow, Elevation of Privilege

Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege.

CVE
Open in Source
#vulnerability#windows#php#buffer_overflow
CVE-2023-37243: Vulnerability-Disclosures/2023/MNDT-2023-0010.md at master · mandiant/Vulnerability-Disclosures

The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Since the C:\Windows\Temp\Agent.Package.Availability folder inherits permissions from C:\Windows\Temp and Agent.Package.Availability.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges.

CVE-2023-42658: InSpec CLI

Archive, check and export commands in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile.

CVE-2023-38994: Simple yet effective. The story of some simple bugs that led to the complete compromise of a network

An issue in Univention UCS v.5.0 allows a local attacker to execute arbitrary code and gain privileges via the check_univention_joinstatus function.

CVE-2023-45996: Vuln0wned Report: SQL Injection in member_type.php · Issue #216 · slims/slims9_bulian

SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the reborrowLimit parameter in the member_type.php.

CVE-2020-36767: alert leads to code execution on Linux · Issue #25498 · servo/servo

tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell metacharacters in titles, messages, and other input data.

UAE Bolsters Cyber Future With US Treasury Partnership, Collaborations

A determination to be taken seriously as a cyber player sees the United Arab Emirates announce a series of collaborations.

Red Hat Security Advisory 2023-6156-01

Red Hat Security Advisory 2023-6156-01 - The components for Red Hat OpenShift support for Windows Containers 8.1.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a bypass vulnerability.

Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Maware

A new cyber attack campaign has been observed using spurious MSIX Windows app package files for popular software such as Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex to distribute a novel malware loader dubbed GHOSTPULSE. "MSIX is a Windows app package format that developers can leverage to package, distribute, and install their applications to Windows users," Elastic

GHSA-35c7-w35f-xwgh: Kube-proxy may unintentionally forward traffic

Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (`spec.ports[*].port`) as a LoadBalancer Service when the LoadBalancer controller does not set the `status.loadBalancer.ingress[].ip` field. Clusters where the LoadBalancer controller sets the `status.loadBalancer.ingress[].ip` field are unaffected.