‼ CVE-2023-20079 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-47665 ‼
📖 Read
via "National Vulnerability Database".
Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, int)📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26604 ‼
📖 Read
via "National Vulnerability Database".
systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20104 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the file upload functionality of Cisco Webex App for Web could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending an arbitrary file to a user and persuading that user to browse to a specific URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20088 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for new and existing users who are connected through a load balancer. This vulnerability is due to improper IP address filtering by the reverse proxy. An attacker could exploit this vulnerability by sending a series of unauthenticated requests to the reverse proxy. A successful exploit could allow the attacker to cause all current traffic and subsequent requests to the reverse proxy through a load balancer to be dropped, resulting in a DoS condition.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2837 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2023-20078 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20061 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41862 ‼
📖 Read
via "National Vulnerability Database".
In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2835 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of <service>.<namespace>.svc.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45988 ‼
📖 Read
via "National Vulnerability Database".
starsoftcomm CooCare 5.304 allows local attackers to escalate privileges and execute arbitrary commands via a crafted file upload.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4645 ‼
📖 Read
via "National Vulnerability Database".
LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20062 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-47664 ‼
📖 Read
via "National Vulnerability Database".
Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_hevc_qpel_pixels_8_sse📖 Read
via "National Vulnerability Database".
🕴 3 Ways Security Teams Can Use IP Data Context 🕴
📖 Read
via "Dark Reading".
Innocently or not, residential proxy networks can obscure the actual geolocation of an access point. Here's why that's not great and what you can do about it.📖 Read
via "Dark Reading".
Dark Reading
3 Ways Security Teams Can Use IP Data Context
Innocently or not, residential proxy networks can obscure the actual geolocation of an access point. Here's why that's not great and what you can do about it.
👍1
⚠ Feds warn about right Royal ransomware rampage that runs the gamut of TTPs ⚠
📖 Read
via "Naked Security".
Wondering which cybercrime tools, techniques and procedures to focus on? How about any and all of them?📖 Read
via "Naked Security".
🕴 Polish Politician's Phone Patrolled by Pegasus 🕴
📖 Read
via "Dark Reading".
A mayor backing Polish opposition elections in parliament has been targeted by special services with Pegasus spyware.📖 Read
via "Dark Reading".
Dark Reading
Polish Politician's Phone Patrolled by Pegasus
A mayor backing Polish opposition elections in parliament has been targeted by special services with Pegasus spyware.
🕴 Indigo Books Refuses LockBit Ransomware Demand 🕴
📖 Read
via "Dark Reading".
Canada's largest bookseller rejected the pressure of the ransomware gang's countdown timer, despite data threats.📖 Read
via "Dark Reading".
Dark Reading
Indigo Books Refuses LockBit Ransomware Demand
Canada's largest bookseller rejected the pressure of the ransomware gang's countdown timer, despite data threats.
🕴 EV Charging Infrastructure Offers an Electric Cyberattack Opportunity 🕴
📖 Read
via "Dark Reading".
Attackers have already targeted electric vehicle (EV) charging stations, and experts are calling for cybersecurity standards to protect this necessary component of the electrified future.📖 Read
via "Dark Reading".
Dark Reading
EV Charging Infrastructure Offers an Electric Cyberattack Opportunity
Attackers have already targeted electric vehicle (EV) charging stations, and experts are calling for cybersecurity standards to protect this necessary component of the electrified future.
‼ CVE-2023-27561 ‼
📖 Read
via "National Vulnerability Database".
runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2023-24643 ‼
📖 Read
via "National Vulnerability Database".
Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateBlankTxtview.php.📖 Read
via "National Vulnerability Database".