‼ CVE-2023-26020 ‼
📖 Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection.This issue affects CrafterCMS v4.0 from 4.0.0 through 4.0.1, and v3.1 from 3.1.0 through 3.1.26.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32142 ‼
📖 Read
via "National Vulnerability Database".
Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33391 ‼
📖 Read
via "National Vulnerability Database".
An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32163 ‼
📖 Read
via "National Vulnerability Database".
Authentication vulnerability in MOSN v.0.23.0 allows attacker to escalate privileges via case-sensitive JWT authorization.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33983 ‼
📖 Read
via "National Vulnerability Database".
Buffer Overflow vulnerability in Dvidelabs flatcc v.0.6.0 allows local attacker to execute arbitrary code via the fltacc execution of the error_ref_sym function.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33949 ‼
📖 Read
via "National Vulnerability Database".
An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24785 ‼
📖 Read
via "National Vulnerability Database".
An issue in Giorgio Tani peazip v.9.0.0 allows attackers to cause a denial of service via the End of Archive tag function of the peazip/pea UNPEA feature.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32419 ‼
📖 Read
via "National Vulnerability Database".
An issue in Schism Tracker v20200412 fixed in v.20200412 allows attacker to obtain sensitive information via the fmt_mtm_load_song function in fmt/mtm.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33950 ‼
📖 Read
via "National Vulnerability Database".
An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor function.📖 Read
via "National Vulnerability Database".
🕴 Not Stoked: Burton Snowboards' Online Orders Disrupted After Cyberattack 🕴
📖 Read
via "Dark Reading".
The snow sports specialist is investigating to see what caused the operations-disrupting "cyber incident."📖 Read
via "Dark Reading".
Dark Reading
Not Stoked: Burton Snowboards' Online Orders Disrupted After Cyberattack
The snow sports specialist is investigating to see what caused the operations-disrupting "cyber incident."
🕴 Inglis Retires as National Cyber Director Ahead of Biden's Cybersecurity EO 🕴
📖 Read
via "Dark Reading".
The long-time NSA and cyber specialist says he's exiting the public sector.📖 Read
via "Dark Reading".
Dark Reading
Inglis Retires as National Cyber Director Ahead of Biden's Cybersecurity EO
The long-time NSA and cyber specialist says he's exiting the public sector.
🕴 Novel Spy Group Targets Telecoms in 'Precision-Targeted' Cyberattacks 🕴
📖 Read
via "Dark Reading".
The primary victims so far have been employees of telcos in the Middle East, who were hit with custom backdoors via the cloud, in a likely precursor to a broader attack.📖 Read
via "Dark Reading".
Dark Reading
Novel Spy Group Targets Telecoms in 'Precision-Targeted' Cyberattacks
The primary victims so far have been employees of telcos in the Middle East, who were hit with custom backdoors via the cloud, in a likely precursor to a broader attack.
🕴 Google Translate Helps BEC Groups Scam Companies in Any Language 🕴
📖 Read
via "Dark Reading".
BEC gangs Midnight Hedgehog and Mandarin Capybara show how online marketing and translation tools are making it easy for these threat groups to scale internationally.📖 Read
via "Dark Reading".
Dark Reading
Google Translate Helps BEC Groups Scam Companies in Any Language
BEC gangs Midnight Hedgehog and Mandarin Capybara show how online marketing and translation tools are making it easy for these threat groups to scale internationally.
🕴 Check Point Boosts AppSec Focus With CNAPP Enhancements 🕴
📖 Read
via "Dark Reading".
Established network security players like Check Point are responding to the shift to cloud-native applications, which have exposed more vulnerabilities in open source software supply chains.📖 Read
via "Dark Reading".
Dark Reading
Check Point Boosts AppSec Focus With CNAPP Enhancements
Established network security players are responding to the shift to cloud-native applications, which have exposed more vulnerabilities in open source software supply chains.
‼ CVE-2023-22233 ‼
📖 Read
via "National Vulnerability Database".
After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21575 ‼
📖 Read
via "National Vulnerability Database".
Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22239 ‼
📖 Read
via "National Vulnerability Database".
After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23064 ‼
📖 Read
via "National Vulnerability Database".
TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22228 ‼
📖 Read
via "National Vulnerability Database".
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21621 ‼
📖 Read
via "National Vulnerability Database".
FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22243 ‼
📖 Read
via "National Vulnerability Database".
Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".