
Tag

#windows

Norwegian Entities Targeted in Ongoing Attacks Exploiting Ivanti EPMM Vulnerability

Advanced persistent threat (APT) actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network. The disclosure comes as part of a new joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian

The Hacker News
CVE-2022-2346: Security Advisory 2023-10

In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints.

CVE-2023-36121: OffSec’s Exploit Database Archive

Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project.

Red Hat Insights Compliance: Introducing new customization options for policies

Maintaining compliance to cybersecurity standards can be a daunting task, but you can mitigate that by using Red Hat Insights. With the latest feature update, the Red Hat Insights Compliance reporting service now allows you to edit the rules in your policies to meet your organization's requirements, giving you visibility and control over your servers. Red Hat Insights is a managed service, included with every Red Hat Enterprise Linux (RHEL) subscription, that continuously analyzes platforms and applications to help you manage your hybrid cloud environment. Red Hat Insights uses predictive a

Joomla JLex Review 6.0.1 Cross Site Scripting

Joomla JLex Review extension version 6.0.1 suffers from a cross site scripting vulnerability.

General Device Manager 2.5.2.2 Buffer Overflow

General Device Manager version 2.5.2.2 suffers from a buffer overflow vulnerability.

CoolAdmin 1.0 SQL Injection

CoolAdmin version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

CVE-2023-4052: Invalid Bug ID

The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116 and Firefox ESR < 115.1.

CVE-2023-4045: Security Vulnerabilities fixed in Firefox ESR 102.14

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.