Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Alert: Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities

Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023, including three vulnerabilities that have come under active exploitation in the wild. Of the 63 flaws, three are rated Critical, 56 are rated Important, and four are rated Moderate in severity. Two of them have been listed as publicly known at the time of the release. The updates are in

The Hacker News
Open in Source
#vulnerability#android#windows#apple#google#microsoft#ubuntu#linux#debian#cisco#red_hat#dos#apache#git#oracle#wordpress#intel#rce#perl#vmware#lenovo#amd#buffer_overflow#asus#samsung#auth#ibm#dell#zero_day#chrome#sap#asp.net#The Hacker News
Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability

VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections. Tracked as CVE-2023-34060 (CVSS score: 9.8), the vulnerability impacts instances that have been upgraded to version 10.5 from an older version. "On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with

CVE-2023-47309: [CVE-2023-47309] Improper Neutralization of Input During Web Page Generation in Nukium - NKM GLS module for PrestaShop

Nukium nkmgls before version 3.0.2 is vulnerable to Cross Site Scripting (XSS) via NkmGlsCheckoutModuleFrontController::displayAjaxSavePhoneMobile.

CVE-2023-43979: [CVE-2023-43979] Improper neutralization of SQL parameter in PrestaHero (ETS Soft) - BLOG - Drive High Traffic & Boost SEO module for PrestaShop

ETS Soft ybc_blog before v4.4.0 was discovered to contain a SQL injection vulnerability via the component Ybc_blogBlogModuleFrontController::getPosts().

CVE-2023-31100: Security Notifications - Phoenix Technologies - Leading PC Innovation since 1979

Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: * from 4.3.0.0 before 4.3.0.203 * from 4.3.1.0 before 4.3.1.163 * from 4.4.0.0 before 4.4.0.217 * from 4.5.0.0 before 4.5.0.138

CVE-2023-41718: Ivanti Community

When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file.

CVE-2023-39335: Ivanti Community

A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk, as it enables unauthorized access and potential misuse of user accounts and resources.

CVE-2023-47518: WordPress Restrict Categories plugin <= 2.6.4 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Matthew Muro Restrict Categories plugin <= 2.6.4 versions.

CVE-2023-45627

An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.