‼ CVE-2023-22943 ‼
📖 Read
via "National Vulnerability Database".
In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs. The vulnerability affects AoB and apps that AoB generates when using the REST API Modular Input functionality through its user interface. The vulnerability also potentially affects third-party apps and add-ons that call the *cloudconnectlib.splunktacollectorlib.cloud_connect_mod_input* Python class directly.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22939 ‼
📖 Read
via "National Vulnerability Database".
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search [bypass SPL safeguards for risky commands](https://docs.splunk.com/Documentation/Splunk/latest/Security/SPLsafeguards). The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22934 ‼
📖 Read
via "National Vulnerability Database".
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass [SPL safeguards for risky commands](https://docs.splunk.com/Documentation/Splunk/latest/Security/SPLsafeguards) using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user to initiate a request within their browser. The vulnerability affects instances with Splunk Web enabled.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25565 ‼
📖 Read
via "National Vulnerability Database".
GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the `cb` and `sh` buffers contain a copy of the data that needs to be freed. However, that is not the case. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This will likely trigger an assertion failure in `free`, causing a denial-of-service. This issue is fixed in version 1.2.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22932 ‼
📖 Read
via "National Vulnerability Database".
In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41564 ‼
📖 Read
via "National Vulnerability Database".
The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIBCO Operational Intelligence Hawk RedTail contains a vulnerability that will return the EMS transport password and EMS SSL password to a privileged user. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.1 and below and TIBCO Operational Intelligence Hawk RedTail: versions 7.2.0 and below.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25567 ‼
📖 Read
via "National Vulnerability Database".
GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the `av_pair` is not checked properly for two of the elements which can trigger an out-of-bound read. The out-of-bounds read can be triggered via the main `gss_accept_sec_context` entry point and could cause a denial-of-service if the memory is unmapped. The issue is fixed in version 1.2.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22942 ‼
📖 Read
via "National Vulnerability Database".
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the ‘kvstore_client’ REST endpoint lets a potential attacker update SSG [App Key Value Store (KV store)](https://docs.splunk.com/Documentation/Splunk/latest/Admin/AboutKVstore) collections using an HTTP GET request. SSG is a Splunk-built app that comes with Splunk Enterprise. The vulnerability affects instances with SSG and Splunk Web enabled.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22940 ‼
📖 Read
via "National Vulnerability Database".
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web enabled.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25566 ‼
📖 Read
via "National Vulnerability Database".
GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, a memory leak can be triggered when parsing usernames which can trigger a denial-of-service. The domain portion of a username may be overridden causing an allocated memory area the size of the domain name to be leaked. An attacker can leak memory via the main `gss_accept_sec_context` entry point, potentially causing a denial-of-service. This issue is fixed in version 1.2.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0830 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in EasyNAS 1.1.0. Affected is the function system of the file /backup.pl. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. VDB-220950 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
👍1
🕴 Oakland City Services Struggle to Recover From Ransomware Attack 🕴
📖 Read
via "Dark Reading".
Fire emergency, 911 services functioning, along with Oakland financial systems, city says.📖 Read
via "Dark Reading".
Dark Reading
Oakland City Services Struggle to Recover From Ransomware Attack
Fire emergency, 911 services functioning, along with Oakland financial systems, city says.
⚠ Apple fixes zero-day spyware implant bug – patch now! ⚠
📖 Read
via "Naked Security".
Everyone update now! Except for those who don't need to! Or who need to but will only get updates later on, though Apple isn't saying yet!📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News
‼ CVE-2023-21570 ‼
📖 Read
via "National Vulnerability Database".
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21699 ‼
📖 Read
via "National Vulnerability Database".
Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21717 ‼
📖 Read
via "National Vulnerability Database".
Microsoft SharePoint Server Elevation of Privilege Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21705 ‼
📖 Read
via "National Vulnerability Database".
Microsoft SQL Server Remote Code Execution Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21687 ‼
📖 Read
via "National Vulnerability Database".
HTTP.sys Information Disclosure Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21568 ‼
📖 Read
via "National Vulnerability Database".
Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21703 ‼
📖 Read
via "National Vulnerability Database".
Azure Data Box Gateway Remote Code Execution Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21704 ‼
📖 Read
via "National Vulnerability Database".
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability📖 Read
via "National Vulnerability Database".