🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-24253 ‼

Domotica Labs srl Ikon Server before v2.8.6 was discovered to contain a SQL injection vulnerability.

via "National Vulnerability Database".
‼ CVE-2023-23524 ‼

A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, tvOS 16.3.2, watchOS 9.3.1. Processing a maliciously crafted certificate may lead to a denial-of-service.

via "National Vulnerability Database".
‼ CVE-2023-23530 ‼

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.

via "National Vulnerability Database".
‼ CVE-2023-23529 ‼

A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

via "National Vulnerability Database".
‼ CVE-2023-23531 ‼

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.

via "National Vulnerability Database".
‼ CVE-2023-23520 ‼

A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as root.

via "National Vulnerability Database".
🕴 Wiz Reaches $10B Valuation With Consolidated Cloud Security Platform 🕴

Cloud security vendor Wiz has raised $900 million since its founding in 2020.

via "Dark Reading".
🕴 Attackers Were on Network for 2 Years, News Corp Says 🕴

The publisher of the Wall Street Journal, New York Post, and several other publications had last year disclosed a breach it said was the work of a state-backed actor likely working for China.

via "Dark Reading".
‼ CVE-2023-26041 ‼

Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and messages therefore did not expire, the API would still return them, while the frontend code then hid them. It is recommended that Nextcloud Talk is upgraded to 15.0.3. There are no workarounds available.

via "National Vulnerability Database".
‼ CVE-2023-26043 ‼

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3.

via "National Vulnerability Database".
‼ CVE-2023-24258 ‼

SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.

via "National Vulnerability Database".
‼ CVE-2023-1055 ‼

A flaw was found in RHDS 11 and RHDS 12. While browsing entries, LDAP tries to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. An attacker with a local account on the host where cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.

via "National Vulnerability Database".
‼ CVE-2015-10086 ‼

A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php. Affected is an unknown function of the file api1/login.php. The manipulation of the argument user leads to SQL injection. It is possible to launch the attack remotely. This product uses a rolling release to provide continuous delivery; therefore, no version details for affected or updated releases are available. The name of the patch is fa0d9bcf81c711a88172ad0d37a842f029ac3782. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221808.

via "National Vulnerability Database".
⚠ Beware rogue 2FA apps in App Store and Google Play – don’t get hacked! ⚠

Even in Apple's and Google's "walled gardens", there are plenty of 2FA apps that are either dangerously incompetent, or unrepentantly malicious. (Or perhaps both.)

via "Naked Security".
⚠ Dutch police arrest three cyberextortion suspects who allegedly earned millions ⚠

Ever paid hush money to crooks who broke into your network? Wondered how much you can trust them?

via "Naked Security".
πŸ‘1
⚠ LastPass: The crooks used a keylogger to crack a corporate password vault ⚠

Seems the crooks implanted a keylogger via a vulnerable media app (LastPass politely didn't say which one!) on a developer's home computer.

via "Naked Security".
‼ CVE-2023-22995 ‼

In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls.

via "National Vulnerability Database".
‼ CVE-2022-3884 ‼

Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Ops Center Analyzer: from 10.9.0-00 before 10.9.0-01.

via "National Vulnerability Database".
‼ CVE-2021-22283 ‼

Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1, ABB Relion protection relays - 620 series IEC/CN 2.0, ABB Relion protection relays - 620 series IEC/CN 2.0 FP1, ABB Relion protection relays - REX640 PCL1, ABB Relion protection relays - REX640 PCL2, ABB Relion protection relays - REX640 PCL3, ABB Relion protection relays - RER615, ABB Remote Monitoring and Control - REC615, ABB Merging Unit - SMU615 allows Communication Channel Manipulation. This issue affects Relion protection relays - 611 series: from 1.0.0 before 2.0.3; Relion protection relays - 615 series IEC 4.0 FP1: from 4.1.0 before 4.1.9; Relion protection relays - 615 series CN 4.0 FP1: from 4.1.0 before 4.1.8; Relion protection relays - 615 series IEC 5.0: from 5.0.0 before 5.0.12; Relion protection relays - 615 series IEC 5.0 FP1: from 5.1.0 before 5.1.20; Relion protection relays - 620 series IEC/CN 2.0: from 2.0.0 before 2.0.11; Relion protection relays - 620 series IEC/CN 2.0 FP1: from 2.1.0 before 2.1.15; Relion protection relays - REX640 PCL1: from 1.0.0 before 1.0.8; Relion protection relays - REX640 PCL2: from 1.1.0 before 1.1.4; Relion protection relays - REX640 PCL3: from 1.2.0 before 1.2.1; Relion protection relays - RER615: from 2.0.0 before 2.0.3; Remote Monitoring and Control - REC615: from 1.0.0 before 2.0.3; Merging Unit - SMU615: from 1.0.0 before 1.0.2.

via "National Vulnerability Database".
‼ CVE-2022-4895 ‼

Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component) allows Man in the Middle Attack. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.1-00.

via "National Vulnerability Database".