βΌ CVE-2023-24107 βΌ
π Read
via "National Vulnerability Database".
hour_of_code_python_2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code.π Read
via "National Vulnerability Database".
ποΈ Cisco ClamAV anti-malware scanner vulnerable to serious security flaw ποΈ
π Read
via "The Daily Swig".
Patch released for bug that poses a critical risk to vulnerable technologiesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Cisco ClamAV anti-malware scanner vulnerable to serious security flaw
Patch released for bug that poses a critical risk to vulnerable technologies
π2π₯1
π΄ Exploit Code Released for Critical Fortinet RCE Bug π΄
π Read
via "Dark Reading".
Organizations are urged to update to the latest versions of FortiNAC to patch a flaw that allows unauthenticated attackers to write arbitrary files on the system.π Read
via "Dark Reading".
Dark Reading
Exploit Code Released for Critical Fortinet RCE Bug
Organizations are urged to update to the latest versions of FortiNAC to patch a flaw that allows unauthenticated attackers to write arbitrary files on the system.
π΄ Trend Micro Acquires SOC Technology Expert Anlyz π΄
π Read
via "Dark Reading".
Technology tuck-in enhances industry's broadest XDR security platform.π Read
via "Dark Reading".
Dark Reading
Trend Micro Acquires SOC Technology Expert Anlyz
Technology tuck-in enhances industry's broadest XDR security platform.
π Zeek 5.0.7 π
π Read
via "Packet Storm Security".
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Zeek 5.0.7 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π1
βΌ CVE-2022-41217 βΌ
π Read
via "National Vulnerability Database".
Cloudflow contains a unauthenticated file upload vulnerability, which makes it possible for an attacker to upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41216 βΌ
π Read
via "National Vulnerability Database".
Local File Inclusion vulnerability within Cloudflow allows attackers to retrieve confidential information from the system.π Read
via "National Vulnerability Database".
π΄ Xcitium Brings 'Zero Dwell' Capability to Legacy EDR Platforms π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Xcitium Brings 'Zero Dwell' Capability to Legacy EDR Platforms
BLOOMFIELD, N.J., Feb. 21, 2023 (GLOBE NEWSWIRE) -- Xcitium, a security platform provider focused on preventing damage caused by Malware, today announced availability of its advanced endpoint security solution, ZeroDwell Containment, for customers with orβ¦
βΌ CVE-2023-23063 βΌ
π Read
via "National Vulnerability Database".
Cellinx NVT v1.0.6.002b is vulnerable to local file disclosure.π Read
via "National Vulnerability Database".
π΄ Phishing Fears Ramp Up on Email, Collaboration Platforms π΄
π Read
via "Dark Reading".
It's a banner year for attacks coming through traditional email as well as newer collaboration technologies, such as Slack and Microsoft Teams. What's next?π Read
via "Dark Reading".
Dark Reading
Phishing Fears Ramp Up on Email, Collaboration Platforms
It's a banner year for attacks coming through traditional email as well as newer collaboration technologies, such as Slack and Microsoft Teams. What's next?
π΄ Google Delivers Record-Breaking $12M in Bug Bounties π΄
π Read
via "Dark Reading".
Google's Android and Chrome Vulnerability Reward Programs (VRPs) in particular saw hundreds of valid reports and payouts for security vulnerabilities discovered by ethical hackers.π Read
via "Dark Reading".
Dark Reading
Google Delivers Record-Breaking $12M in Bug Bounties
Google's Android and Chrome Vulnerability Reward Programs (VRPs) in particular saw hundreds of valid reports and payouts for security vulnerabilities discovered by ethical hackers.
π΄ Headwinds Don't Have to Be a Drag on Your Security Effectiveness π΄
π Read
via "Dark Reading".
Despite increased threats, an uncertain economy, and increasing automation, your organization can still thrive.π Read
via "Dark Reading".
Dark Reading
Headwinds Don't Have to Be a Drag on Your Security Effectiveness
Despite increased threats, an uncertain economy, and increasing automation, your organization can still thrive.
βΌ CVE-2022-43870 βΌ
π Read
via "National Vulnerability Database".
IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files. IBM X-Force ID: 239540.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41566 βΌ
π Read
via "National Vulnerability Database".
The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 5.6.0 and below.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23040 βΌ
π Read
via "National Vulnerability Database".
TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43873 βΌ
π Read
via "National Vulnerability Database".
An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system. IBM X-Force ID: 239847.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23039 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove().π Read
via "National Vulnerability Database".
βΌ CVE-2022-41567 βΌ
π Read
via "National Vulnerability Database".
The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0960 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SeaCMS 11.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /data/config.ftp.php of the component Picture Management. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-221630 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41565 βΌ
π Read
via "National Vulnerability Database".
The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.9.21 and below, versions 6.0.11 and below and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 1.2.0 and below.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26214 βΌ
π Read
via "National Vulnerability Database".
The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below.π Read
via "National Vulnerability Database".