#windows

The notorious APT15 used common malware tools and a third-generation custom "Graphican" backdoor to continue its information gathering exploits, this time against foreign ministries.

libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.

Nokia ASIKA version 7.13.52 suffers from a hard-coded private key disclosure vulnerability.

WordPress Super Socializer plugin version 7.13.52 suffers from a cross site scripting vulnerability.

Accent Microcomputers CMS version 2.4 suffers from a directory traversal vulnerability.

WordPress WP Sticky Social plugin version 1.0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

A Cart version 2.0 suffers from a database disclosure vulnerability.

3CX Open Standards Software IP PBX Thailand version 2.0.3 suffers from a cross site scripting vulnerability.

Red Hat Integration Camel for Spring Boot 3.20.1 Patch 1 release and security update is now available. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-20883: A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed behind a proxy that cache...

VMware has flagged that a recently patched critical command injection vulnerability in Aria Operations for Networks (formerly vRealize Network Insight) has come under active exploitation in the wild. The flaw, tracked as CVE-2023-20887, could allow a malicious actor with network access to the product to perform a command injection attack, resulting in remote code execution. It impacts VMware