🕴 7 Critical Cloud Threats Facing the Enterprise in 2023 🕴
📖 Read
via "Dark Reading".
From shadow data to misconfigurations, and overpermissioning to multicloud sprawl, Dark Reading's cloud security slideshow helps security pros understand the threat horizon.📖 Read
via "Dark Reading".
Dark Reading
7 Critical Cloud Threats Facing the Enterprise in 2023
From shadow data to misconfigs, and overpermissioning to multicloud sprawl, our cloud security slideshow helps security pros understand the threat horizon.
🕴 Avast Threat Report: Consumers Plagued With Refund Fraud, Tech Support Scams, and Adware 🕴
📖 Read
via "Dark Reading".
Avast researchers also discovered and reported two zero-day vulnerabilities, and observed the spread of information-stealing malware, remote access trojans, and botnets.📖 Read
via "Dark Reading".
Dark Reading
Avast Threat Report: Consumers Plagued With Refund Fraud, Tech Support Scams, and Adware
Avast researchers also discovered and reported two zero-day vulnerabilities, and observed the spread of information-stealing malware, remote access trojans, and botnets.
‼ CVE-2023-21435 ‼
📖 Read
via "National Vulnerability Database".
Exposure of Sensitive Information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21429 ‼
📖 Read
via "National Vulnerability Database".
Improper usage of implict intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21423 ‼
📖 Read
via "National Vulnerability Database".
Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22792 ‼
📖 Read
via "National Vulnerability Database".
A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21447 ‼
📖 Read
via "National Vulnerability Database".
Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local attackers to access information with Samsung Cloud's privilege via implicit intent.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43552 ‼
📖 Read
via "National Vulnerability Database".
A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24323 ‼
📖 Read
via "National Vulnerability Database".
Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21428 ‼
📖 Read
via "National Vulnerability Database".
Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call. The patch removes unused code.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21436 ‼
📖 Read
via "National Vulnerability Database".
Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows attacker to get account ID.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22798 ‼
📖 Read
via "National Vulnerability Database".
Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites like Facebook in which the redirect interceptor may have been there for security purposes. This could potentially cause open redirects on these websites. Brave's redirect interceptor removal feature is known as "debouncing" and is intended to remove unnecessary redirects that track users across the web.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2023-23912 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24687 ‼
📖 Read
via "National Vulnerability Database".
Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22796 ‼
📖 Read
via "National Vulnerability Database".
A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24322 ‼
📖 Read
via "National Vulnerability Database".
A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21441 ‼
📖 Read
via "National Vulnerability Database".
Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12) allows local attacker to access protected files via unused code.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22797 ‼
📖 Read
via "National Vulnerability Database".
An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an open redirect vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22795 ‼
📖 Read
via "National Vulnerability Database".
A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22799 ‼
📖 Read
via "National Vulnerability Database".
A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24689 ‼
📖 Read
via "National Vulnerability Database".
An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the "s" parameter in /DesignTools/ManageSkin.aspx📖 Read
via "National Vulnerability Database".