βΌ CVE-2018-20104 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22960 βΌ
π Read
via "National Vulnerability Database".
Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21795 βΌ
π Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21796.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21796 βΌ
π Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21795.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21775 βΌ
π Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22484 βΌ
π Read
via "National Vulnerability Database".
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to a polynomial time complexity issue in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21719 βΌ
π Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22483 βΌ
π Read
via "National Vulnerability Database".
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to several polynomial time complexity issues in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. Various commands, when piped to cmark-gfm with large values, cause the running time to increase quadratically. These vulnerabilities have been patched in version 0.29.0.gfm.7.π Read
via "National Vulnerability Database".
β Apple patches are out β old iPhones get an old zero-day fix at last! β
π Read
via "Naked Security".
Don't delay, especially if you're still running an iOS 12 device... please do it today!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π2
βΌ CVE-2023-22485 βΌ
π Read
via "National Vulnerability Database".
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the `validate_protocol` function. We believe this bug is harmless in practice, because the out-of-bounds read accesses `malloc` metadata without causing any visible damage.This vulnerability has been patched in 0.29.0.gfm.7.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23331 βΌ
π Read
via "National Vulnerability Database".
Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL Injection.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45639 βΌ
π Read
via "National Vulnerability Database".
OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter.π Read
via "National Vulnerability Database".
ποΈ IoT vendors faulted for slow progress in setting up vulnerability disclosure programs ποΈ
π Read
via "The Daily Swig".
Manufacturer complacency βtranslates into an unacceptable risk for consumersβ, warns security expertπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
IoT vendors faulted for slow progress in setting up vulnerability disclosure programs
Manufacturer complacency βtranslates into an unacceptable risk for consumersβ, warns security expert
π4π₯1
βοΈ Administrator of RSOCKS Proxy Botnet Pleads Guilty βοΈ
π Read
via "Krebs on Security".
Denis Emelyantsev, a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, βAmerica is looking for me because I have enormous information and they need it.βπ Read
via "Krebs on Security".
Krebs on Security
Administrator of RSOCKS Proxy Botnet Pleads Guilty
Denis Emelyantsev, a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The pleaβ¦
π₯2π1
β Apple patches are out β old iPhones get an old zero-day fix at last! β
π Read
via "Naked Security".
Don't delay, especially if you're still running an iOS 12 device... please do it today!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
ποΈ Yellowfin tackles auth bypass bug trio that opened door to RCE ποΈ
π Read
via "The Daily Swig".
Pre- and post-auth path to pwnageπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Yellowfin tackles auth bypass bug trio that opened door to RCE
Pre- and post-auth path to pwnage
π1
βοΈ Experian Glitch Exposing Credit Files Lasted 47 Days βοΈ
π Read
via "Krebs on Security".
On Dec. 23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer's full credit report -- armed with nothing more than a person's name, address, date of birth, and Social Security number. Experian fixed the glitch, but remained silent about the incident for a month. This week, however, Experian acknowledged that the security failure persisted for nearly seven weeks, between Nov. 9, 2022 and Dec. 26, 2022.π Read
via "Krebs on Security".
Krebs on Security
Experian Glitch Exposing Credit Files Lasted 47 Days
On Dec. 23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer's full credit report -- armed with nothing more than a person's name, addressβ¦
π1
ποΈ Trellix automates tackling open source vulnerabilities at scale ποΈ
π Read
via "The Daily Swig".
More than 61,000 vulnerabilities patched and countingπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Trellix automates tackling open source vulnerabilities at scale
More than 61,000 vulnerabilities patched and counting
π1
β GoTo admits: Customer cloud backups stolen together with decryption key β
π Read
via "Naked Security".
We were going to write, "Once more unto the breach, dear friends, once more"... but it seems to go without saying these days.π Read
via "Naked Security".
Naked Security
GoTo admits: Customer cloud backups stolen together with decryption key
We were going to write, βOnce more unto the breach, dear friends, once moreββ¦ but it seems to go without saying these days.
β S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text] β
π Read
via "Naked Security".
Lastest episode - listen now! (Or read the transcript.)π Read
via "Naked Security".
Naked Security
S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]
Lastest episode β listen now! (Or read the transcript.)
ποΈ Ruby on Rails apps vulnerable to data theft through Ransack search ποΈ
π Read
via "The Daily Swig".
Several applications were vulnerable to brute-force attacks; hundreds more could be at riskπ Read
via "The Daily Swig".
portswigger.net
Web Application Security, Testing, & Scanning - PortSwigger
PortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & identify the very latest vulnerabilities.