‼ CVE-2023-25156 ‼
Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt brute-force attacks against the login page. Users should upgrade to v12.0 or later to receive a patch. As a workaround, users may install and configure a rate-limiting proxy in front of Kiwi TCMS.
via "National Vulnerability Database".
‼ CVE-2023-25191 ‼
AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The fixed versions are SPx_12-update-7.00 and SPx_13-update-5.00.
via "National Vulnerability Database".
‼ CVE-2023-25578 ‼
Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 1.5.2, the request body parsing in `starlite` allows a potentially unauthenticated attacker to consume a large amount of CPU time and RAM. The multipart body parser processes an unlimited number of file parts and an unlimited number of field parts. This is a remote, potentially unauthenticated Denial of Service vulnerability. This vulnerability affects applications with a request handler that accepts a `Body(media_type=RequestEncodingType.MULTI_PART)`. The large amount of CPU time required for processing requests can block all available worker processes and significantly delay or slow down the processing of legitimate user requests. The large amount of RAM accumulated while processing requests can lead to Out-Of-Memory kills. Complete DoS is achievable by sending many concurrent multipart requests in a loop. Version 1.51.2 contains a patch for this issue.
via "National Vulnerability Database".
‼ CVE-2023-25171 ‼
Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt denial-of-service attacks against the Password reset page. An attacker could potentially send a large number of emails if they know the email addresses of users in Kiwi TCMS. Additionally that may strain SMTP resources. Users should upgrade to v12.0 or later to receive a patch. As potential workarounds, users may install and configure a rate-limiting proxy in front of Kiwi TCMS and/or configure rate limits on their email server when possible.
via "National Vulnerability Database".
🕴 Build Cyber Resiliency With These Security Threat-Mitigation Considerations 🕴
CISOs need to define their risk tolerance, identify specific critical data, and make changes based on strategic business goals.
via "Dark Reading".
🛠 Clam AntiVirus Toolkit 1.0.1 🛠
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. This is the LTS source code release.
via "Packet Storm Security".
🕴 What Purple Teams Wish Companies Knew 🕴
Here are some of the easily avoidable mistakes most companies made last year, gleaned from hundreds of cybersecurity engagements by red and blue teams.
via "Dark Reading".
‼ CVE-2023-22804 ‼
LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to create users on the PLC. This could allow an attacker to create and use an account with elevated privileges and take control of the device.
via "National Vulnerability Database".
‼ CVE-2022-46892 ‼
In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allow the OS to reinitialize a disabled root complex.
via "National Vulnerability Database".
‼ CVE-2023-22807 ‼
LS ELECTRIC XBC-DN32U with operating system version 01.80 does not properly control access to the PLC over its internal XGT protocol. An attacker could control and tamper with the PLC by sending packets to the PLC over its XGT protocol.
via "National Vulnerability Database".
‼ CVE-2023-22805 ‼
LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature. This could allow a remote attacker to remotely set the feature to lock users out of reading data from the device.
via "National Vulnerability Database".
‼ CVE-2022-45586 ‼
Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04 allows local attackers to cause a denial of service.
via "National Vulnerability Database".
‼ CVE-2023-0361 ‼
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
via "National Vulnerability Database".
‼ CVE-2022-45587 ‼
Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04 allows local attackers to cause a denial of service.
via "National Vulnerability Database".
‼ CVE-2023-0103 ‼
If an attacker were to access memory locations of LS ELECTRIC XBC-DN32U with operating system version 01.80 that are outside of the communication buffer, the device stops operating. This could allow an attacker to cause a denial-of-service condition.
via "National Vulnerability Database".
‼ CVE-2023-0102 ‼
LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its deletion command. This could allow an attacker to delete arbitrary files.
via "National Vulnerability Database".
‼ CVE-2023-22806 ‼
LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol. This could allow an attacker to gain sensitive information such as user credentials.
via "National Vulnerability Database".
‼ CVE-2023-22803 ‼
LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC. This could allow an attacker to change the PLC's mode arbitrarily.
via "National Vulnerability Database".
🕴 3 Ways CISOs Can Lead Effectively and Avoid Burnout 🕴
Information security is a high-stakes field with sky-high expectations. Here's how CISOs can offset the pressures and stay healthy.
via "Dark Reading".
🕴 Brivo Reveals Top Security Trends for 2023: Convenience Is King in Securing the Hybrid Workplaces of the Future 🕴
Factoring user experience and convenience into how employees and tenants access buildings is a top concern for security professionals, says a benchmark industry survey.
via "Dark Reading".
🕴 GAO Calls for Improved Data Privacy Protections 🕴
US federal watchdog agency outlines key measures for better protecting sensitive data under the federal government's control.
via "Dark Reading".