🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-24485 ‼

Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app.

via "National Vulnerability Database".
‼ CVE-2023-24483 ‼

A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.

via "National Vulnerability Database".
‼ CVE-2023-23936 ‼

Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect the `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host` string before passing it to undici.

via "National Vulnerability Database".
‼ CVE-2023-23752 ‼

An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.

via "National Vulnerability Database".
‼ CVE-2023-24484 ‼

A malicious user can cause log files to be written to a directory that they do not have permission to write to.

via "National Vulnerability Database".
‼ CVE-2023-24807 ‼

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.

via "National Vulnerability Database".
🕴 Cybersecurity Jobs Remain Secure Despite Recession Fears 🕴

Only 10% of corporate executives expect to lay off members of cybersecurity teams in 2023, much lower than other areas, as companies protect hard-to-find skill sets.

via "Dark Reading".
🕴 WatchGuard Launches New Line of Firewall Products to Enhance Unified Security for Remote and Distributed Businesses 🕴

Powered by WatchGuard's Unified Security Platform® architecture, new Fireboxes deliver enhanced performance and added security capabilities that MSPs and IT admins can easily manage in WatchGuard Cloud.

via "Dark Reading".
‼ CVE-2022-30303 ‼

An improper neutralization of special elements used in an OS command ('OS Command Injection') [CWE-78] in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as the `root` user via crafted HTTP requests.

via "National Vulnerability Database".
‼ CVE-2022-38378 ‼

An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an attacker that has access to the admin profile section (System subsection Administrator Users) to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands.

via "National Vulnerability Database".
‼ CVE-2023-23782 ‼

A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb version 6.3.0 through 6.3.19, FortiWeb 6.4 all versions, FortiWeb 6.2 all versions, FortiWeb 6.1 all versions allows an attacker to escalate privileges via specifically crafted arguments to existing commands.

via "National Vulnerability Database".
‼ CVE-2022-30300 ‼

A relative path traversal vulnerability [CWE-23] in FortiWeb 7.0.0 through 7.0.1, 6.3.6 through 6.3.18, 6.4 all versions may allow an authenticated attacker to obtain unauthorized access to files and data via specifically crafted HTTP GET requests.

via "National Vulnerability Database".
‼ CVE-2022-30299 ‼

A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow an authenticated attacker to retrieve specific parts of files from the underlying file system via specially crafted web requests.

via "National Vulnerability Database".
‼ CVE-2022-26345 ‼

Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

via "National Vulnerability Database".
‼ CVE-2022-30339 ‼

Out-of-bounds read in firmware for the Intel(R) Integrated Sensor Solution before versions 5.4.2.4579v3, 5.4.1.4479 and 5.0.0.4143 may allow a privileged user to potentially enable denial of service via local access.

via "National Vulnerability Database".
‼ CVE-2022-25905 ‼

Uncontrolled search path element in the Intel(R) oneAPI Data Analytics Library (oneDAL) before version 2021.5 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.

via "National Vulnerability Database".
‼ CVE-2022-26425 ‼

Uncontrolled search path element in the Intel(R) oneAPI Collective Communications Library (oneCCL) before version 2021.6 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.

via "National Vulnerability Database".
‼ CVE-2021-0187 ‼

Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.

via "National Vulnerability Database".
‼ CVE-2021-43074 ‼

An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and below, 6.2 all versions, 6.0 all versions; FortiProxy 7.0.1 and below, 2.0.7 and below, 1.2 all versions, 1.1 all versions, 1.0 all versions may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter.

via "National Vulnerability Database".
‼ CVE-2022-26837 ‼

Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

via "National Vulnerability Database".
‼ CVE-2022-26840 ‼

Improper neutralization in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

via "National Vulnerability Database".