βΌ CVE-2023-0081 βΌ
π Read
via "National Vulnerability Database".
The MonsterInsights WordPress plugin before 8.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π Read
via "National Vulnerability Database".
π΄ Cadien Cyber Response Launches to Deliver Incident Response & Complex Digital Forensics Services π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Cadien Cyber Response Launches to Deliver Incident Response & Complex Digital Forensics Services
TYSONS, Va.--(BUSINESS WIRE)-- Cadien Cyber Response, a US-based incident response and complex digital forensics firm, formally launched operations today and unveiled its team of leading industry and government cyber experts focused on reactive services.
π΄ Global Ransomware Attack on VMware EXSi Hypervisors Continues to Spread π΄
π Read
via "Dark Reading".
The fresh "ESXiArgs" malware is exploiting a 2-year-old RCE security vulnerability (tracked as CVE-2021-21974), resulting in thousands of unpatched servers falling prey to the campaign.π Read
via "Dark Reading".
Dark Reading
Global Ransomware Attack on VMware EXSi Hypervisors Continues to Spread
The fresh "ESXiArgs" malware is exploiting a 2-year-old RCE security vulnerability (tracked as CVE-2021-21974), resulting in thousands of unpatched servers falling prey to the campaign.
π₯1
π΄ Consumer Watchdog Reports: CA Privacy Board OKs Landmark Personal Data Regulations, Some Key Protections Left Out π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Consumer Watchdog Reports: CA Privacy Board OKs Landmark Personal Data Regulations, Some Key Protections Left Out
LOS ANGELES, Feb. 6, 2023 /PRNewswire/ -- After nearly a year of rulemaking and over 1,000 pages of public comments later, the country's first dedicated data privacy agency on Friday approved regulations aimed at giving consumers unprecedented control overβ¦
π΄ Crypto Drainers Are Ready to Ransack Investor Wallets π΄
π Read
via "Dark Reading".
Cryptocurrency drainers are the latest hot ticket being used in a string of lucrative cyberattacks aimed at virtual currency investors.π Read
via "Dark Reading".
Dark Reading
Crypto Drainers Are Ready to Ransack Investor Wallets
Cryptocurrency drainers are the latest hot ticket being used in a string of lucrative cyberattacks aimed at virtual currency investors.
βΌ CVE-2022-48311 βΌ
π Read
via "National Vulnerability Database".
**UNSUPPORTED WHEN ASSIGNED** Cross Site Scripting (XSS) in HP Deskjet 2540 series printer Firmware Version CEP1FN1418BR and Product Model Number A9U23B allows authenticated attacker to inject their own script into the page via HTTP configuration page. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25016 βΌ
π Read
via "National Vulnerability Database".
Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive Information to an Unauthorized Actor.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23943 βΌ
π Read
via "National Vulnerability Database".
Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Maill app is upgraded to 1.15.0 or 2.2.2. The only known workaround for this issue is to completely disable the nextcloud mail app.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31577 βΌ
π Read
via "National Vulnerability Database".
In Boa, there is a possible escalation of privilege due to a missing permission check. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42951 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can connect to the cluster manager using default credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31578 βΌ
π Read
via "National Vulnerability Database".
In Boa, there is a possible escalation of privilege due to a stack buffer overflow. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23333 βΌ
π Read
via "National Vulnerability Database".
There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31575 βΌ
π Read
via "National Vulnerability Database".
In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45589 βΌ
π Read
via "National Vulnerability Database".
SQL Injection vulnerability in Talend ESB Runtime 7.3.1-R2022-09-RT thru 8.0.1-R2022-10-RT when using the provisioning service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31576 βΌ
π Read
via "National Vulnerability Database".
In Boa, there is a possible information disclosure due to a missing permission check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31574 βΌ
π Read
via "National Vulnerability Database".
In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48166 βΌ
π Read
via "National Vulnerability Database".
An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42439 βΌ
π Read
via "National Vulnerability Database".
IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party systemΓ’β¬β’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42950 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23942 βΌ
π Read
via "National Vulnerability Database".
The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as `strong`, `em` and `head` lines in the UI of the desktop client. The lack of sanitisation may allow for javascript injection. It is recommended that the Nextcloud Desktop Client is upgraded to 3.6.3. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44268 βΌ
π Read
via "National Vulnerability Database".
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).π Read
via "National Vulnerability Database".