CVE-2021-23938
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues. Notes: none.
CVE-2022-38779
via "National Vulnerability Database".
An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.
How to Stop Attackers That Target Healthcare Imaging Data
via "Dark Reading".
Attribute-based encryption could help keep sensitive metadata off of the Dark Web.
CVE-2023-24108
via "National Vulnerability Database".
MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code.
CVE-2023-0947
via "National Vulnerability Database".
Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3.
CVE-2022-2883
via "National Vulnerability Database".
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service.
CVE-2023-24107
via "National Vulnerability Database".
hour_of_code_python_2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code.
Cisco ClamAV anti-malware scanner vulnerable to serious security flaw
via "The Daily Swig".
Patch released for bug that poses a critical risk to vulnerable technologies
Exploit Code Released for Critical Fortinet RCE Bug
via "Dark Reading".
Organizations are urged to update to the latest versions of FortiNAC to patch a flaw that allows unauthenticated attackers to write arbitrary files on the system.
Trend Micro Acquires SOC Technology Expert Anlyz
via "Dark Reading".
Technology tuck-in enhances industry's broadest XDR security platform.
Zeek 5.0.7
via "Packet Storm Security".
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.
CVE-2022-41217
via "National Vulnerability Database".
Cloudflow contains an unauthenticated file upload vulnerability, which makes it possible for an attacker to upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage.
CVE-2022-41216
via "National Vulnerability Database".
Local File Inclusion vulnerability within Cloudflow allows attackers to retrieve confidential information from the system.
Xcitium Brings 'Zero Dwell' Capability to Legacy EDR Platforms
via "Dark Reading".
BLOOMFIELD, N.J., Feb. 21, 2023 (GLOBE NEWSWIRE) -- Xcitium, a security platform provider focused on preventing damage caused by Malware, today announced availability of its advanced endpoint security solution, ZeroDwell Containment, for customers with or…
CVE-2023-23063
via "National Vulnerability Database".
Cellinx NVT v1.0.6.002b is vulnerable to local file disclosure.
Phishing Fears Ramp Up on Email, Collaboration Platforms
via "Dark Reading".
It's a banner year for attacks coming through traditional email as well as newer collaboration technologies, such as Slack and Microsoft Teams. What's next?
Google Delivers Record-Breaking $12M in Bug Bounties
via "Dark Reading".
Google's Android and Chrome Vulnerability Reward Programs (VRPs) in particular saw hundreds of valid reports and payouts for security vulnerabilities discovered by ethical hackers.
Headwinds Don't Have to Be a Drag on Your Security Effectiveness
via "Dark Reading".
Despite increased threats, an uncertain economy, and increasing automation, your organization can still thrive.
CVE-2022-43870
via "National Vulnerability Database".
IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files. IBM X-Force ID: 239540.
CVE-2022-41566
via "National Vulnerability Database".
The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 5.6.0 and below.
CVE-2023-23040
via "National Vulnerability Database".
TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication.