‼ CVE-2023-21428 ‼
via "National Vulnerability Database".
Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call. The patch removes unused code.
‼ CVE-2023-21436 ‼
via "National Vulnerability Database".
Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows attacker to get account ID.
‼ CVE-2023-22798 ‼
via "National Vulnerability Database".
Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites like Facebook in which the redirect interceptor may have been there for security purposes. This could potentially cause open redirects on these websites. Brave's redirect interceptor removal feature is known as "debouncing" and is intended to remove unnecessary redirects that track users across the web.
‼ CVE-2023-23912 ‼
via "National Vulnerability Database".
A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability.
‼ CVE-2023-24687 ‼
via "National Vulnerability Database".
Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter.
‼ CVE-2023-22796 ‼
via "National Vulnerability Database".
A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability.
‼ CVE-2023-24322 ‼
via "National Vulnerability Database".
A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters.
‼ CVE-2023-21441 ‼
via "National Vulnerability Database".
Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12) allows local attacker to access protected files via unused code.
‼ CVE-2023-22797 ‼
via "National Vulnerability Database".
An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an open redirect vulnerability.
‼ CVE-2023-22795 ‼
via "National Vulnerability Database".
A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately.
‼ CVE-2023-22799 ‼
via "National Vulnerability Database".
A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input to cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.
‼ CVE-2023-24689 ‼
via "National Vulnerability Database".
An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the "s" parameter in /DesignTools/ManageSkin.aspx.
‼ CVE-2023-24688 ‼
via "National Vulnerability Database".
An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled.
🕴 NewsPenguin Goes Phishing for Maritime & Military Secrets 🕴
via "Dark Reading".
A sophisticated cyber-espionage attack against high-value targets attending a maritime technology conference in Pakistan this weekend has been in the works since last year.
🕴 Reddit Breached With Stolen Employee Credentials 🕴
via "Dark Reading".
Reddit code, internal documents, dashboards, and business systems were compromised in the cyberattack.
📢 The case for an accelerated device refresh cycle 📢
via "ITPro".
Achieving a more cost-effective device lifecycle overall
📢 Why technology, cyber and privacy risk management are critical for digital transformation 📢
via "ITPro".
How ServiceNow Integrated Risk Management helps you embrace the digital future
📢 Automation: The key to optimised server management 📢
via "ITPro".
Deliver modern digital end-user experiences, innovate with data, and more flexibly deliver IT services
📢 Cyber resiliency and end-user performance 📢
via "ITPro".
Reduce risk and deliver greater business success with cyber-resilience capabilities
📢 What is spell-jacking? 📢
via "ITPro".
What is the spell-jacking vulnerability and how can your business avoid exposing data?
Spell-jacking vulnerabilities are threatening to unwittingly leak data to third parties, undermining any drive to protect privacy
📢 TD Synnex launches free security self-assessments for VMware partners 📢
via "ITPro".
Partners can now offer clients three specially-designed surveys, worth tens of thousands, to help drive new business potential
channelpro