βΌ CVE-2023-22341 βΌ
π Read
via "National Vulnerability Database".
On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate: * An OAuth Server that references an OAuth Provider * An OAuth profile with the Authorization Endpoint set to '/' * An access profile that references the above OAuth profile and is associated with an HTTPS virtual server Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22302 βΌ
π Read
via "National Vulnerability Database".
In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16.1.2.2 to before 16.1.3.3, when an HTTP profile is configured on a virtual server and conditions beyond the attackerΓ’β¬β’s control exist on the target pool member, undisclosed requests sent to the BIG-IP system can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43922 βΌ
π Read
via "National Vulnerability Database".
IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4254 βΌ
π Read
via "National Vulnerability Database".
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filtersπ Read
via "National Vulnerability Database".
βΌ CVE-2023-22422 βΌ
π Read
via "National Vulnerability Database".
On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22842 βΌ
π Read
via "National Vulnerability Database".
On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22664 βΌ
π Read
via "National Vulnerability Database".
On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
β Password-stealing βvulnerabilityβ reported in KeyPass β bug or feature? β
π Read
via "Naked Security".
Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?π Read
via "Naked Security".
Sophos News
Password-stealing βvulnerabilityβ reported in KeePass β bug or feature?
Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?
π΄ Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows π΄
π Read
via "Dark Reading".
Killnet is building its profile, inspiring jewelry sales and rap anthems. But the impact of its DDoS attacks, like the ones that targeted 14 major US hospitals this week, remain largely questionable.π Read
via "Dark Reading".
Dark Reading
Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows
Killnet is building its profile, inspiring jewelry sales and rap anthems. But the impact of its DDoS attacks, like the ones that targeted 14 major US hospitals this week, remain largely questionable.
π΄ Radiant Logic Signs Definitive Agreement to Acquire Brainwave GRC π΄
π Read
via "Dark Reading".
Move will strengthen position as a leader in the identity governance and analytics market.π Read
via "Dark Reading".
Dark Reading
Radiant Logic Signs Definitive Agreement to Acquire Brainwave GRC
Move will strengthen position as a leader in the identity governance and analytics market.
βΌ CVE-2023-23078 βΌ
π Read
via "National Vulnerability Database".
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22501 βΌ
π Read
via "National Vulnerability Database".
An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances_._ With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into. Access to these tokens can be obtained in two cases: * If the attacker is included on Jira issues or requests with these users, or * If the attacker is forwarded or otherwise gains access to emails containing a Γ’β¬ΕView RequestΓ’β¬οΏ½ link from these users. Bot accounts are particularly susceptible to this scenario. On instances with single sign-on, external customer accounts can be affected in projects where anyone can create their own account.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23469 βΌ
π Read
via "National Vulnerability Database".
IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 244504.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23074 βΌ
π Read
via "National Vulnerability Database".
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23076 βΌ
π Read
via "National Vulnerability Database".
OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23077 βΌ
π Read
via "National Vulnerability Database".
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22284 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0619 βΌ
π Read
via "National Vulnerability Database".
The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image optimizations.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46934 βΌ
π Read
via "National Vulnerability Database".
kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23073 βΌ
π Read
via "National Vulnerability Database".
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component.π Read
via "National Vulnerability Database".