CVE-2023-0044
via "National Vulnerability Database".
If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.
CVE-2023-23915
via "National Vulnerability Database".
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when multiple transfers are done in parallel as the HSTS cache file gets overwritten by the most recently completed transfer. A later HTTP-only transfer to the earlier host name would then *not* get upgraded properly to HSTS.
CVE-2023-23917
via "National Vulnerability Database".
A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an attacker to RCE under the admin account. Any user can create their own server in your cloud and become an admin so this vulnerability could affect the cloud infrastructure. This attack vector also may increase the impact of XSS to RCE which is dangerous for self-hosted users as well.
CVE-2023-26325
via "National Vulnerability Database".
The 'rx_export_review' action in the ReviewX WordPress Plugin version < 1.6.4, is affected by an authenticated SQL injection vulnerability in the 'filterValue' and 'selectedColumns' parameters.
CVE-2023-23916
via "National Vulnerability Database".
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was capped, but the cap was implemented on a per-header basis allowing a malicious server to insert a virtually unlimited number of compression steps simply by using many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.
CVE-2023-24317
via "National Vulnerability Database".
Judging Management System 1.0 was discovered to contain an arbitrary file upload vulnerability via the component edit_organizer.php.
CVE-2022-4492
via "National Vulnerability Database".
The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.
CVE-2023-26326
via "National Vulnerability Database".
The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present.
CVE-2022-46786
via "National Vulnerability Database".
SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 2 of 2).
CVE-2023-20089
via "National Vulnerability Database".
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to cause a memory leak, which could result in an unexpected reload of the device. This vulnerability is due to incorrect error checking when parsing ingress LLDP packets. An attacker could exploit this vulnerability by sending a steady stream of crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause a memory leak, which could result in a denial of service (DoS) condition when the device unexpectedly reloads. Note: This vulnerability cannot be exploited by transit traffic through the device. The crafted LLDP packet must be targeted to a directly connected interface, and the attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). In addition, the attack surface for this vulnerability can be reduced by disabling LLDP on interfaces where it is not required.
AUVSI Launches Green UAS Cybersecurity Certification Program For Commercial Drones
via "Dark Reading".
ARLINGTON, VA, USA, February 23, 2023 -- Today, AUVSI announced the launch of Green UAS, a new program to expand the number of commercial Uncrewed Aircraft Systems (UAS) that have been verified to meet the highest levels of cybersecurity and National Defense…
Student Medical Records Exposed After LAUSD Breach
via "Dark Reading".
"Hundreds" of special education students' psych records have turned up on the Dark Web. School records like these are covered by FERPA, not HIPAA, so parents have little recourse.
Pirated Final Cut Pro for macOS Offers Stealth Malware Delivery
via "Dark Reading".
The number of people who have made the weaponized software available for sharing via torrent suggests that many unsuspecting victims may have downloaded the XMRig coin miner.
CVE-2022-46785
via "National Vulnerability Database".
SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 1 of 2).
CVE-2022-46784
via "National Vulnerability Database".
SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows open redirection. (The issue was originally found in 5.5.1 GA.)
CVE-2023-0755
via "National Vulnerability Database".
The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.
CVE-2023-25823
via "National Vulnerability Database".
Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions prior to 3.13.1 contain Use of Hard-coded Credentials. When using Gradio's share links (i.e. creating a Gradio app and then setting `share=True`), a private SSH key is sent to any user that connects to the Gradio machine, which means that a user could access other users' shared Gradio demos. From there, other exploits are possible depending on the level of access/exposure the Gradio app provides. This issue is patched in version 3.13.1, however, users are recommended to update to 3.19.1 or later where the FRP solution has been properly tested.
CVE-2022-36231
via "National Vulnerability Database".
pdf_info 0.5.3 is vulnerable to Command Execution.
CVE-2023-25824
via "National Vulnerability Database".
Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (including) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This could be exploited for denial of service attacks. If trace level logging was enabled, it would also produce an excessive amount of log output during the loop, consuming disk space. The problem has been fixed in commit d7eec4e598158ab6a98bf505354e84352f9715ec, please update to version 0.12.1. There are no workarounds, users who cannot update should apply the errno fix detailed in the security advisory.
CVE-2023-0754
via "National Vulnerability Database".
The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code.