π΄ TSA Issues Urgent Directive to Make Aviation More Cyber Resilient π΄
π Read
via "Dark Reading".
Will stricter cybersecurity requirements make flying safer? The TSA says yes, and sees it as a time-sensitive imperative.π Read
via "Dark Reading".
Dark Reading
TSA Issues Urgent Directive to Make Aviation More Cyber Resilient
Will stricter cybersecurity requirements make flying safer? The TSA says yes, and sees it as a time-sensitive imperative.
π΄ Edgeless Systems Raises $5M to Advance Confidential Computing π΄
π Read
via "Dark Reading".
Confidential computing will revolutionize cloud security in the decade to come and has become a top C-level priority for industry leaders such as Google, Intel and Microsoft. Edgeless Systems is leading these advancements to ensure all data is always encrypted.π Read
via "Dark Reading".
Dark Reading
Edgeless Systems Raises $5M to Advance Confidential Computing
Confidential computing will revolutionize cloud security in the decade to come and has become a top C-level priority for industry leaders such as Google, Intel and Microsoft. Edgeless Systems is leading these advancements to ensure all data is always encrypted.
π΄ Emotet Resurfaces Yet Again After 3-Month Hiatus π΄
π Read
via "Dark Reading".
More than two years after a major takedown by law enforcement, the threat group is once again proving just how impervious it is against disruption attempts.π Read
via "Dark Reading".
Dark Reading
Emotet Resurfaces Yet Again After 3-Month Hiatus
More than two years after a major takedown by law enforcement, the threat group is once again proving just how impervious it is against disruption attempts.
π΄ 'Skinny' Cyber Insurance Policies Create Compliance Path π΄
π Read
via "Dark Reading".
It's getting hard to buy cyber insurance, but not having it is not always an option. Low-coverage plans could bridge the gap.π Read
via "Dark Reading".
Dark Reading
'Skinny' Cyber-Insurance Policies Create Compliance Path
It's getting hard to buy cyber insurance, but not having it is not always an option. Low-coverage plans could bridge the gap.
βΌ CVE-2023-24782 βΌ
π Read
via "National Vulnerability Database".
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit.π Read
via "National Vulnerability Database".
π€1
βΌ CVE-2023-1283 βΌ
π Read
via "National Vulnerability Database".
Code Injection in GitHub repository builderio/qwik prior to 0.21.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22891 βΌ
π Read
via "National Vulnerability Database".
There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22889 βΌ
π Read
via "National Vulnerability Database".
SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. This could lead to remote code execution by unauthenticated users.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27477 βΌ
π Read
via "National Vulnerability Database".
wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indices are greater than 16. There is an off-by-one error in the calculation of the mask to the `pshufb` instruction which causes incorrect results to be returned if lanes are selected from the second vector. This codegen bug has been fixed in Wasmtiem 6.0.1, 5.0.1, and 4.0.1. Users are recommended to upgrade to these updated versions. If upgrading is not an option for you at this time, you can avoid this miscompilation by disabling the Wasm simd proposal. Additionally the bug is only present on x86_64 hosts. Other platforms such as AArch64 and s390x are not affected.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33351 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalte privileges via a crafted payload in the ticket message field.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33353 βΌ
π Read
via "National Vulnerability Database".
Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33352 βΌ
π Read
via "National Vulnerability Database".
An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22892 βΌ
π Read
via "National Vulnerability Database".
There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24777 βΌ
π Read
via "National Vulnerability Database".
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24282 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22890 βΌ
π Read
via "National Vulnerability Database".
SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4007 βΌ
π Read
via "National Vulnerability Database".
A issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2 A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at client side.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27974 βΌ
π Read
via "National Vulnerability Database".
** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. NOTE: the vendor's position is that "Auto-fill on page load" is not enabled by default.π Read
via "National Vulnerability Database".
βΌ CVE-2018-25081 βΌ
π Read
via "National Vulnerability Database".
** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations (e.g., an apple.com IFRAME element on the icloud.com website) and that "Auto-fill on page load" is not enabled by default.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4315 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0030 βΌ
π Read
via "National Vulnerability Database".
A use-after-free flaw was found in the Linux kernelΓ’β¬β’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system.π Read
via "National Vulnerability Database".