Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2023-38994: Simple yet effective. The story of some simple bugs that led to the complete compromise of a network

An issue in Univention UCS v.5.0 allows a local attacker to execute arbitrary code and gain privileges via the check_univention_joinstatus function.

CVE
Open in Source
#vulnerability#web#mac#windows#microsoft#linux#debian#git#ldap#samba#auth#ssh#docker
CVE-2023-45996: Vuln0wned Report: SQL Injection in member_type.php · Issue #216 · slims/slims9_bulian

SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the reborrowLimit parameter in the member_type.php.

CVE-2020-36767: alert leads to code execution on Linux · Issue #25498 · servo/servo

tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell metacharacters in titles, messages, and other input data.

UAE Bolsters Cyber Future With US Treasury Partnership, Collaborations

A determination to be taken seriously as a cyber player sees the United Arab Emirates announce a series of collaborations.

Red Hat Security Advisory 2023-6156-01

Red Hat Security Advisory 2023-6156-01 - The components for Red Hat OpenShift support for Windows Containers 8.1.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a bypass vulnerability.

Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Maware

A new cyber attack campaign has been observed using spurious MSIX Windows app package files for popular software such as Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex to distribute a novel malware loader dubbed GHOSTPULSE. "MSIX is a Windows app package format that developers can leverage to package, distribute, and install their applications to Windows users," Elastic

GHSA-35c7-w35f-xwgh: Kube-proxy may unintentionally forward traffic

Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (`spec.ports[*].port`) as a LoadBalancer Service when the LoadBalancer controller does not set the `status.loadBalancer.ingress[].ip` field. Clusters where the LoadBalancer controller sets the `status.loadBalancer.ingress[].ip` field are unaffected.

CVE-2021-25736: For LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP by sbangari · Pull Request #99958 · kubernetes/kubernetes

Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip” field are unaffected.

CVE-2023-46864: Path Traversal - Arbitrary File Download · Issue #171 · Peppermint-Lab/peppermint

Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request.

This Cryptomining Tool Is Stealing Secrets

Plus: Details emerge of a US government social media-scanning tool that flags “derogatory” speech, and researchers find vulnerabilities in the global mobile communications network.