โผ CVE-2022-4645 โผ
๐ Read
via "National Vulnerability Database".
LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-20062 โผ
๐ Read
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-47664 โผ
๐ Read
via "National Vulnerability Database".
Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_hevc_qpel_pixels_8_sse๐ Read
via "National Vulnerability Database".
๐ด 3 Ways Security Teams Can Use IP Data Context ๐ด
๐ Read
via "Dark Reading".
Innocently or not, residential proxy networks can obscure the actual geolocation of an access point. Here's why that's not great and what you can do about it.๐ Read
via "Dark Reading".
Dark Reading
3 Ways Security Teams Can Use IP Data Context
Innocently or not, residential proxy networks can obscure the actual geolocation of an access point. Here's why that's not great and what you can do about it.
๐1
โ Feds warn about right Royal ransomware rampage that runs the gamut of TTPs โ
๐ Read
via "Naked Security".
Wondering which cybercrime tools, techniques and procedures to focus on? How about any and all of them?๐ Read
via "Naked Security".
๐ด Polish Politician's Phone Patrolled by Pegasus ๐ด
๐ Read
via "Dark Reading".
A mayor backing Polish opposition elections in parliament has been targeted by special services with Pegasus spyware.๐ Read
via "Dark Reading".
Dark Reading
Polish Politician's Phone Patrolled by Pegasus
A mayor backing Polish opposition elections in parliament has been targeted by special services with Pegasus spyware.
๐ด Indigo Books Refuses LockBit Ransomware Demand ๐ด
๐ Read
via "Dark Reading".
Canada's largest bookseller rejected the pressure of the ransomware gang's countdown timer, despite data threats.๐ Read
via "Dark Reading".
Dark Reading
Indigo Books Refuses LockBit Ransomware Demand
Canada's largest bookseller rejected the pressure of the ransomware gang's countdown timer, despite data threats.
๐ด EV Charging Infrastructure Offers an Electric Cyberattack Opportunity ๐ด
๐ Read
via "Dark Reading".
Attackers have already targeted electric vehicle (EV) charging stations, and experts are calling for cybersecurity standards to protect this necessary component of the electrified future.๐ Read
via "Dark Reading".
Dark Reading
EV Charging Infrastructure Offers an Electric Cyberattack Opportunity
Attackers have already targeted electric vehicle (EV) charging stations, and experts are calling for cybersecurity standards to protect this necessary component of the electrified future.
โผ CVE-2023-27561 โผ
๐ Read
via "National Vulnerability Database".
runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.๐ Read
via "National Vulnerability Database".
๐1
โผ CVE-2023-24643 โผ
๐ Read
via "National Vulnerability Database".
Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateBlankTxtview.php.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-27566 โผ
๐ Read
via "National Vulnerability Database".
Cubism Core in Live2D Cubism Editor 4.2.03 allows out-of-bounds write via a crafted Section Offset Table or Count Info Table in an MOC3 file.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-24641 โผ
๐ Read
via "National Vulnerability Database".
Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateview.php.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-24642 โผ
๐ Read
via "National Vulnerability Database".
Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateTxtview.php.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-26492 โผ
๐ Read
via "National Vulnerability Database".
Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to `/files/import`). An attacker can bypass the security controls by performing a DNS rebinding attack and view sensitive data from internal servers or perform a local port scan. An attacker can exploit this vulnerability to access highly sensitive internal server(s) and steal sensitive information. This issue was fixed in version 9.23.0.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-46973 โผ
๐ Read
via "National Vulnerability Database".
Report v0.9.8.6 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-23927 โผ
๐ Read
via "National Vulnerability Database".
Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-27567 โผ
๐ Read
via "National Vulnerability Database".
In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-0968 โผ
๐ Read
via "National Vulnerability Database".
The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the รขโฌหdnรขโฌโข, 'email', 'points', and 'date' parameters in versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-26488 โผ
๐ Read
via "National Vulnerability Database".
OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in batches does not update balances when a batch has size 1 and consists of a single token. Subsequent transfers from the receiver of that token may overflow the balance as reported by `balanceOf`. The issue exclusively presents with batches of size 1. The issue has been patched in 4.8.2.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-27574 โผ
๐ Read
via "National Vulnerability Database".
ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIGNING_INJECT_BASE_ENTITLEMENTS.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-23313 โผ
๐ Read
via "National Vulnerability Database".
Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2.๐ Read
via "National Vulnerability Database".
๐ฅ1