Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Kitty 0.76.0.8 Stack Buffer Overflow

Kitty version 0.76.0.8 suffers from a buffer overflow vulnerability.

Packet Storm
#vulnerability#windows#buffer_overflow#ssh
Marval MSM 14.19.0.12476 Remote Code Execution

Marval MSM version 14.19.0.12476 suffers from a remote code execution vulnerability.

Atlassian Confluence Flaw Being Used to Deploy Ransomware and Crypto Miners

A recently patched critical security flaw in Atlassian Confluence Server and Data Center products is being actively weaponized in real-world attacks to drop cryptocurrency miners and ransomware payloads. In at least two of the Windows-related incidents observed by cybersecurity vendor Sophos, adversaries exploited the vulnerability to deliver Cerber ransomware and a crypto miner called z0miner

Threat Roundup for June 10 to June 17

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 10 and June 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,... [[ This is only the beginning! Please visit the blog for the complete entry ]]

CVE-2022-31941: bug_report/SQL-1.md at main · Gsir97/bug_report

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via \rdms\admin?page=user\manage_user&id=.

CVE-2022-30607: IBM Robotic Process Automation is vulnerable to cross tenant disclosure of user ids (CVE-2022-30607)

IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow a user to obtain sensitive information due to information properly masked in the control center UI. IBM X-Force ID: 227294.

CVE-2022-32444: URL redirection vulnerability in u5cms v8.3.5 · Issue #50 · u5cms/u5cms

An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php.

CVE-2022-31246

paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request (e.g., within QR code data). On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename.