Tag
#windows
Advanced persistent threat (APT) actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network. The disclosure comes as part of a new joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian
In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints.
Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project.
Maintaining compliance to cybersecurity standards can be a daunting task, but you can mitigate that by using Red Hat Insights. With the latest feature update, the Red Hat Insights Compliance reporting service now allows you to edit the rules in your policies to meet your organization's requirements, giving you visibility and control over your servers. Red Hat Insights is a managed service, included with every Red Hat Enterprise Linux (RHEL) subscription, that continuously analyzes platforms and applications to help you manage your hybrid cloud environment. Red Hat Insights uses predictive a
Joomla JLex Review extension version 6.0.1 suffers from a cross site scripting vulnerability.
General Device Manager version 2.5.2.2 suffers from a buffer overflow vulnerability.
CoolAdmin version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
City Variety LMS version 2.2 suffers from a cross site scripting vulnerability.
The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116 and Firefox ESR < 115.1.
Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.