βΌ CVE-2023-22842 βΌ
π Read
via "National Vulnerability Database".
On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22664 βΌ
π Read
via "National Vulnerability Database".
On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
β Password-stealing βvulnerabilityβ reported in KeyPass β bug or feature? β
π Read
via "Naked Security".
Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?π Read
via "Naked Security".
Sophos News
Password-stealing βvulnerabilityβ reported in KeePass β bug or feature?
Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?
π΄ Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows π΄
π Read
via "Dark Reading".
Killnet is building its profile, inspiring jewelry sales and rap anthems. But the impact of its DDoS attacks, like the ones that targeted 14 major US hospitals this week, remain largely questionable.π Read
via "Dark Reading".
Dark Reading
Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows
Killnet is building its profile, inspiring jewelry sales and rap anthems. But the impact of its DDoS attacks, like the ones that targeted 14 major US hospitals this week, remain largely questionable.
π΄ Radiant Logic Signs Definitive Agreement to Acquire Brainwave GRC π΄
π Read
via "Dark Reading".
Move will strengthen position as a leader in the identity governance and analytics market.π Read
via "Dark Reading".
Dark Reading
Radiant Logic Signs Definitive Agreement to Acquire Brainwave GRC
Move will strengthen position as a leader in the identity governance and analytics market.
βΌ CVE-2023-23078 βΌ
π Read
via "National Vulnerability Database".
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22501 βΌ
π Read
via "National Vulnerability Database".
An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances_._ With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into. Access to these tokens can be obtained in two cases: * If the attacker is included on Jira issues or requests with these users, or * If the attacker is forwarded or otherwise gains access to emails containing a Γ’β¬ΕView RequestΓ’β¬οΏ½ link from these users. Bot accounts are particularly susceptible to this scenario. On instances with single sign-on, external customer accounts can be affected in projects where anyone can create their own account.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23469 βΌ
π Read
via "National Vulnerability Database".
IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 244504.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23074 βΌ
π Read
via "National Vulnerability Database".
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23076 βΌ
π Read
via "National Vulnerability Database".
OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23077 βΌ
π Read
via "National Vulnerability Database".
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22284 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0619 βΌ
π Read
via "National Vulnerability Database".
The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image optimizations.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46934 βΌ
π Read
via "National Vulnerability Database".
kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23073 βΌ
π Read
via "National Vulnerability Database".
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23969 βΌ
π Read
via "National Vulnerability Database".
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22287 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23075 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation.π Read
via "National Vulnerability Database".
π΄ Greater Incident Complexity, Shift in How Threat Actors Use Stolen Data, Will Drive the Cyber Threat Landscape in 2023, Says Beazley Report π΄
π Read
via "Dark Reading".
Noting 13% year-over-year growth in fraudulent instruction as a cause of loss, report predicts organizations must get smarter about educating employees to spot fraudulent tactics.π Read
via "Dark Reading".
Dark Reading
Greater Incident Complexity, Shift in How Threat Actors Use Stolen Data, Will Drive the Cyber Threat Landscape in 2023, Says Beazleyβ¦
Noting 13% year-over-year growth in fraudulent instruction as a cause of loss, report predicts organizations must get smarter about educating employees to spot fraudulent tactics.
π΄ CISA to Open Supply Chain Risk Management Office π΄
π Read
via "Dark Reading".
A new supply chain risk management office aims to help public and private sectors implement recent CISA policies and guidance.π Read
via "Dark Reading".
Dark Reading
CISA to Open Supply Chain Risk Management Office
A new supply chain risk management office aims to help public and private sectors implement recent CISA policies and guidance.