CVE-2023-0096
The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
via "National Vulnerability Database".
CVE-2023-20614
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628615; Issue ID: ALPS07628615.
via "National Vulnerability Database".
CVE-2023-0669
Fortra (formerly HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.
via "National Vulnerability Database".
CVE-2023-20611
In gpu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588678; Issue ID: ALPS07588678.
via "National Vulnerability Database".
CVE-2023-20607
In ccu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07512839; Issue ID: ALPS07512839.
via "National Vulnerability Database".
CVE-2023-23944
Nextcloud Mail is an email app for the Nextcloud home server platform. In versions prior to 2.2.2, users' passwords were stored in cleartext in the database for the duration of the OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access to these user passwords until the OAuth setup had been completed. It is recommended that the Nextcloud Mail app is upgraded to 2.2.2. There are no known workarounds for this issue.
via "National Vulnerability Database".
CVE-2023-0687
A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability.
via "National Vulnerability Database".
CVE-2023-0174
The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
via "National Vulnerability Database".
CVE-2022-32655
In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705028; Issue ID: GN20220705028.
via "National Vulnerability Database".
CVE-2023-0081
The MonsterInsights WordPress plugin before 8.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
via "National Vulnerability Database".
Cadien Cyber Response Launches to Deliver Incident Response & Complex Digital Forensics Services
TYSONS, Va.--(BUSINESS WIRE)-- Cadien Cyber Response, a US-based incident response and complex digital forensics firm, formally launched operations today and unveiled its team of leading industry and government cyber experts focused on reactive services.
via "Dark Reading".
Global Ransomware Attack on VMware ESXi Hypervisors Continues to Spread
The fresh "ESXiArgs" malware is exploiting a 2-year-old RCE security vulnerability (tracked as CVE-2021-21974), resulting in thousands of unpatched servers falling prey to the campaign.
via "Dark Reading".
Consumer Watchdog Reports: CA Privacy Board OKs Landmark Personal Data Regulations, Some Key Protections Left Out
LOS ANGELES, Feb. 6, 2023 /PRNewswire/ -- After nearly a year of rulemaking and over 1,000 pages of public comments later, the country's first dedicated data privacy agency on Friday approved regulations aimed at giving consumers unprecedented control over…
via "Dark Reading".
Crypto Drainers Are Ready to Ransack Investor Wallets
Cryptocurrency drainers are the latest hot ticket being used in a string of lucrative cyberattacks aimed at virtual currency investors.
via "Dark Reading".
CVE-2022-48311
**UNSUPPORTED WHEN ASSIGNED** Cross Site Scripting (XSS) in HP Deskjet 2540 series printer Firmware Version CEP1FN1418BR and Product Model Number A9U23B allows an authenticated attacker to inject their own script into the page via the HTTP configuration page. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
via "National Vulnerability Database".
CVE-2023-25016
Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive Information to an Unauthorized Actor.
via "National Vulnerability Database".
CVE-2023-23943
Nextcloud Mail is an email app for the Nextcloud home server platform. In affected versions, the SMTP, IMAP and Sieve host fields allowed scanning for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Mail app is upgraded to 1.15.0 or 2.2.2. The only known workaround for this issue is to completely disable the Nextcloud Mail app.
via "National Vulnerability Database".
CVE-2021-31577
In Boa, there is a possible escalation of privilege due to a missing permission check. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241.
via "National Vulnerability Database".
CVE-2022-42951
An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can connect to the cluster manager using default credentials.
via "National Vulnerability Database".
CVE-2021-31578
In Boa, there is a possible escalation of privilege due to a stack buffer overflow. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241.
via "National Vulnerability Database".
CVE-2023-23333
There is a command injection vulnerability in SolarView Compact through 6.00; attackers can execute commands by bypassing internal restrictions through downloader.php.
via "National Vulnerability Database".