9 matches found
TencentOS Server 3: java-1.8.0-openjdk (TSSA-2023:0254)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0254 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits - Act Now
Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause a denial-of-service (DoS) condition and remote code execution (RCE). "The two issues are fundamentally the same but exploitable at differen...
Debian DSA-5090-1 : firefox-esr - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5090 advisory. Two security issues have been found in the Mozilla Firefox web browser, which result in the execution of arbitrary code. For the oldstable distribution buste...
KLA12006 Multiple vulnerabilities in Apple iCloud
Multiple vulnerabilities were found in Apple iCloud. Malicious users can exploit these vulnerabilities to perform cross-site scripting attacks, bypass security restrictions, and cause denial of service. Below is a complete list of vulnerabilities: 1. An input validation vulnerability in WebKit can be...
This Week in Security News: Cybercriminals Distribute Backdoor with VPN Installer and New ‘Alien’ Malware can Steal Passwords from 226 Android Apps
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how threat actors are bundling Windscribe VPN installers with backdoors. Also, read about a new strain of Android malware that...
KLA11404 Multiple vulnerabilities in Microsoft Development Tools
Multiple vulnerabilities were found in Microsoft Development Tools. Malicious users can exploit these vulnerabilities to obtain sensitive information and perform cross-site scripting attacks. Below is a complete list of vulnerabilities: 1. A cross-site-scripting (XSS) vulnerability in Team Foundation...
Several Critical Remotely Exploitable Flaws Found in Drupal Modules, patch ASAP!
The extraordinary 'Panama Papers leak' from Law firm Mossack Fonseca that exposed the tax-avoiding efforts by the world's richest and most influential members was initially believed to be the result of an unpatched vulnerability in the popular content management systems: Drupal and WordPress. Now...
Concurrency strikes MSIE (potentially exploitable msxml3 flaws)
A while ago, apparently angry with Larry Seltzer, I penned a quick write-up on the possible issues with race conditions triggered by asynchronous browser events such as JavaScript timers colliding with synchronous content rendering: http://seclists.org/vulnwatch/2006/q3/0023.html This is in...
OneOrZero Helpdesk tupdate.php sg Parameter SQL Injection
The remote host is running OneOrZero, an online helpdesk. There are multiple flaws in this software that could allow an attacker to insert arbitrary SQL commands in the remote database, or even to gain administrative privileges on this host.