βΌ CVE-2023-25567 βΌ
π Read
via "National Vulnerability Database".
GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the `av_pair` is not checked properly for two of the elements which can trigger an out-of-bound read. The out-of-bounds read can be triggered via the main `gss_accept_sec_context` entry point and could cause a denial-of-service if the memory is unmapped. The issue is fixed in version 1.2.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22942 βΌ
π Read
via "National Vulnerability Database".
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the Γ’β¬Λkvstore_clientΓ’β¬β’ REST endpoint lets a potential attacker update SSG [App Key Value Store (KV store)](https://docs.splunk.com/Documentation/Splunk/latest/Admin/AboutKVstore) collections using an HTTP GET request. SSG is a Splunk-built app that comes with Splunk Enterprise. The vulnerability affects instances with SSG and Splunk Web enabled.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22940 βΌ
π Read
via "National Vulnerability Database".
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the Γ’β¬ΛcollectΓ’β¬β’ search processing language (SPL) command, including Γ’β¬ΛsummaryindexΓ’β¬β’, Γ’β¬ΛsumindexΓ’β¬β’, Γ’β¬ΛstashΓ’β¬β’,Γ’β¬β’ mcollectΓ’β¬β’, and Γ’β¬ΛmeventcollectΓ’β¬β’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web enabled.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25566 βΌ
π Read
via "National Vulnerability Database".
GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, a memory leak can be triggered when parsing usernames which can trigger a denial-of-service. The domain portion of a username may be overridden causing an allocated memory area the size of the domain name to be leaked. An attacker can leak memory via the main `gss_accept_sec_context` entry point, potentially causing a denial-of-service. This issue is fixed in version 1.2.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0830 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in EasyNAS 1.1.0. Affected is the function system of the file /backup.pl. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. VDB-220950 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
π1
π΄ Oakland City Services Struggle to Recover From Ransomware Attack π΄
π Read
via "Dark Reading".
Fire emergency, 911 services functioning, along with Oakland financial systems, city says.π Read
via "Dark Reading".
Dark Reading
Oakland City Services Struggle to Recover From Ransomware Attack
Fire emergency, 911 services functioning, along with Oakland financial systems, city says.
β Apple fixes zero-day spyware implant bug β patch now! β
π Read
via "Naked Security".
Everyone update now! Except for those who don't need to! Or who need to but will only get updates later on, though Apple isn't saying yet!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2023-21570 βΌ
π Read
via "National Vulnerability Database".
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-21699 βΌ
π Read
via "National Vulnerability Database".
Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-21717 βΌ
π Read
via "National Vulnerability Database".
Microsoft SharePoint Server Elevation of Privilege Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-21705 βΌ
π Read
via "National Vulnerability Database".
Microsoft SQL Server Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-21687 βΌ
π Read
via "National Vulnerability Database".
HTTP.sys Information Disclosure Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-21568 βΌ
π Read
via "National Vulnerability Database".
Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-21703 βΌ
π Read
via "National Vulnerability Database".
Azure Data Box Gateway Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-21704 βΌ
π Read
via "National Vulnerability Database".
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-21706 βΌ
π Read
via "National Vulnerability Database".
Microsoft Exchange Server Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-21701 βΌ
π Read
via "National Vulnerability Database".
Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-21714 βΌ
π Read
via "National Vulnerability Database".
Microsoft Office Information Disclosure Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-21713 βΌ
π Read
via "National Vulnerability Database".
Microsoft SQL Server Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-21528 βΌ
π Read
via "National Vulnerability Database".
Microsoft SQL Server Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-21694 βΌ
π Read
via "National Vulnerability Database".
Windows Fax Service Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".