Due to insecure fallback behavior, a man-in-the-middle attacker can bypass NNE’s protection against man-in-the-middle attacks and hijack authenticated connections. In some configurations, a full man-in-the-middle attack is possible. Oracle Database versions 19c, 12.2.0.1, and 12.1.0.2 are affected.
Backdoor.Win32.Phase.11 malware suffers from a code execution vulnerability.
NNE’s integrity protection mechanism deliberately weakens the key used for computing per-packet message authentication codes (MACs). Oracle Database versions 19c, 12.2.0.1, and 12.1.0.2 are affected.
Microsoft Internet Explorer / ActiveX Control – Security Bypass
Tags: 0day, remote exploit
WordPress Plugin Typebot 1.4.3 – Stored Cross Site Scripting (XSS) (Authenticated)
Tags: 0day, remote exploit
Apache Log4j 2 – Remote Code Execution (RCE)
Tags: 0day, remote exploit
Laravel Valet 2.0.3 – Local Privilege Escalation (macOS)
Tags: 0day, remote exploit
Apache Log4j2 2.14.1 – Information Disclosure
Tags: 0day, remote exploit
WebHMI 4.0 – Remote Code Execution (RCE) (Authenticated)
Tags: 0day, remote exploit