Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2023-28714

Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows before version 22.220 HF (Hot Fix) may allow a privileged user to potentially enable escalation of privilege via local access.

CVE
#windows#intel#wifi
Ransomware review: August 2023

Categories: Threat Intelligence July saw one of the highest number of ransomware attacks in 2023 at 441. At the forefront of these attacks is, once again, Cl0p. (Read more...) The post Ransomware review: August 2023 appeared first on Malwarebytes Labs.

CVE-2023-40225

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.

CVE-2022-47636: OffSec’s Exploit Database Archive

A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user open a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the current logged in user.

Microsoft Windows Kernel Security Descriptor Use-After-Free

The Microsoft Windows Kernel CmDeleteLayeredKey may delete predefined tombstone keys, leading to security descriptor use-after-free.

Microsoft Windows Kernel Unsafe Reference

The Microsoft Windows Kernel may reference rolled-back transacted keys through differencing hives.

Microsoft Windows Kernel Unsafe Reference

The Microsoft Windows Kernel may reference unbacked layered keys through registry virtualization.

Microsoft Windows Kernel Arbitrary Read

There is a Microsoft Windows Kernel arbitrary read that can be performed by accessing predefined keys through differencing hives.

Dynamic Journal CMS 2.5 Database Disclosure

Dynamic Journal CMS version 2.5 suffers from a database disclosure vulnerability.

e2 Distr CMS 2.8.5.3 Backup Disclosure

e2 Distr CMS version 2.8.5.3 appears to leave backups in a world accessible directory under the document root.