β Password-stealing βvulnerabilityβ reported in KeePass β bug or feature? β
π Read
via "Naked Security".
Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?π Read
via "Naked Security".
Sophos News
Password-stealing βvulnerabilityβ reported in KeePass β bug or feature?
Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?
βΌ CVE-2023-25015 βΌ
π Read
via "National Vulnerability Database".
Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25014 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25013 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users.π Read
via "National Vulnerability Database".
π΄ Lazarus Group Rises Again, to Gather Intelligence on Energy, Healthcare Firms π΄
π Read
via "Dark Reading".
An OpSec slip from the North Korean threat group helps researchers attribute what was first suspected as a ransomware attack to nation-state espionage.π Read
via "Dark Reading".
Dark Reading
Lazarus Group Rises Again, to Gather Intelligence on Energy, Healthcare Firms
An OpSec slip from the North Korean threat group helps researchers attribute what was first suspected as a ransomware attack to nation-state espionage.
π1
βΌ CVE-2022-40269 βΌ
π Read
via "National Vulnerability Database".
Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to disclose sensitive information from users' browsers or spoof legitimate users by abusing inappropriate HTML attributes.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33323 βΌ
π Read
via "National Vulnerability Database".
Active Debug Code vulnerability in robot controller of Mitsubishi Electric Corporation industrial robot MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthorized access by authentication bypass through an unauthorized telnet login. As for the affected model names, controller types and firmware versions, see the Mitsubishi Electric's advisory which is listed in [References] section.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0639 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation of the argument nextPage leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-220019.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43665 βΌ
π Read
via "National Vulnerability Database".
A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can lead to killing target process. An attacker can provide a malicious file to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2546 βΌ
π Read
via "National Vulnerability Database".
The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wm_export AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response that will be executed in the victims session. Note: This requires knowledge of a static secret keyπ Read
via "National Vulnerability Database".
βΌ CVE-2023-0641 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password requirements. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220021 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0638 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-220018 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0637 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. This affects an unknown part of the file wan.asp of the component Web Management Interface. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220017 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0400 βΌ
π Read
via "National Vulnerability Database".
The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40268 βΌ
π Read
via "National Vulnerability Database".
Improper Restriction of Rendered UI Layers or Frames vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to lead legitimate users to perform unintended operations through clickjacking.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0640 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. It has been classified as critical. Affected is an unknown function of the file ping.ccp of the component Web Interface. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220020.π Read
via "National Vulnerability Database".
π΄ Discrepancies Discovered in Vulnerability Severity Ratings π΄
π Read
via "Dark Reading".
Differences in how the National Vulnerability Database (NVD) and vendors score bugs can make patch prioritization harder, study says.π Read
via "Dark Reading".
Dark Reading
Discrepancies Discovered in Vulnerability Severity Ratings
Differences in how the National Vulnerability Database (NVD) and vendors score bugs can make patch prioritization harder, study says.
βΌ CVE-2023-0642 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex prior to 7.4.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0643 βΌ
π Read
via "National Vulnerability Database".
Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24307 βΌ
π Read
via "National Vulnerability Database".
An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46965 βΌ
π Read
via "National Vulnerability Database".
PrestaShop module, totadministrativemandate before v1.7.1 was discovered to contain a SQL injection vulnerability.π Read
via "National Vulnerability Database".
π1