Tag
#windows
Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows before version 22.220 HF (Hot Fix) may allow a privileged user to potentially enable escalation of privilege via local access.
Categories: Threat Intelligence July saw one of the highest number of ransomware attacks in 2023 at 441. At the forefront of these attacks is, once again, Cl0p. (Read more...) The post Ransomware review: August 2023 appeared first on Malwarebytes Labs.
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.
A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user open a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the current logged in user.
The Microsoft Windows Kernel CmDeleteLayeredKey may delete predefined tombstone keys, leading to security descriptor use-after-free.
The Microsoft Windows Kernel may reference rolled-back transacted keys through differencing hives.
The Microsoft Windows Kernel may reference unbacked layered keys through registry virtualization.
There is a Microsoft Windows Kernel arbitrary read that can be performed by accessing predefined keys through differencing hives.
Dynamic Journal CMS version 2.5 suffers from a database disclosure vulnerability.
e2 Distr CMS version 2.8.5.3 appears to leave backups in a world accessible directory under the document root.