βΌ CVE-2023-27585 βΌ
π Read
via "National Vulnerability Database".
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. A patch is available as commit `d1c5e4d` in the `master` branch. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver implementation instead.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23419 βΌ
π Read
via "National Vulnerability Database".
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-25206 βΌ
π Read
via "National Vulnerability Database".
PrestaShop ws_productreviews < 3.6.2 is vulnerable to SQL Injection.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24909 βΌ
π Read
via "National Vulnerability Database".
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-24930 βΌ
π Read
via "National Vulnerability Database".
Microsoft OneDrive for MacOS Elevation of Privilege Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-24923 βΌ
π Read
via "National Vulnerability Database".
Microsoft OneDrive for Android Information Disclosure Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-27070 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24919 βΌ
π Read
via "National Vulnerability Database".
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilityπ Read
via "National Vulnerability Database".
π’ MI5 to establish new security agency to counter Chinese hacking, espionage π’
π Read
via "ITPro".
The new organisation has been compared to GCHQβs NCSC, and will provide companies advice on how to deal with Chinese companies or carry out business in Chinaπ Read
via "ITPro".
ITPro
MI5 to establish new security agency to counter Chinese hacking, espionage
The new organisation has been compared to GCHQβs NCSC, and will provide companies advice on how to deal with Chinese companies or carry out business in China
βΌ CVE-2023-28144 βΌ
π Read
via "National Vulnerability Database".
KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configuration, allows privilege escalation because of race conditions involving symlinks and elevate_perf_privileges.sh chown calls.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27589 βΌ
π Read
via "National Vulnerability Database".
Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE.2020-12-23T02-24-12Z and prior to RELEASE.2023-03-13T19-46-17Z, a user with `consoleAdmin` permissions can potentially create a user that matches the root credential `accessKey`. Once this user is created successfully, the root credential ceases to work appropriately. The issue is patched in RELEASE.2023-03-13T19-46-17Z. There are ways to work around this via adding higher privileges to the disabled root user via `mc admin policy set`.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28339 βΌ
π Read
via "National Vulnerability Database".
OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a terminal with the original session. NOTE: TIOCSTI is unavailable in OpenBSD 6.0 and later, and can be made unavailable in the Linux kernel 6.2 and later.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27588 βΌ
π Read
via "National Vulnerability Database".
Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects with deployments that are publicly exposed and not protected by a WAF or other HTTP protection layer should be upgraded to version 1.3.4, 2.55.1, 2.20.1, or 2.21.0-beta1 to receive a patch.π Read
via "National Vulnerability Database".
π΄ LockBit Threatens to Leak Stolen SpaceX Schematics π΄
π Read
via "Dark Reading".
The ransomware group sent a message directly to Elon Musk: Pay or the confidential SpaceX information goes up for grabs on the Dark Web.π Read
via "Dark Reading".
Dark Reading
LockBit Threatens to Leak Stolen SpaceX Schematics
The ransomware group sent a message directly to Elon Musk: Pay or the confidential SpaceX information goes up for grabs on the Dark Web.
π’ 17 Windows 10 problems and how to fix them π’
π Read
via "ITPro".
Tips and tricks to help you solve the most common Windows 10 problems, whether that's freeing up storage or handling safe modeπ Read
via "ITPro".
ITPro
17 common Windows 10 problems and how to fix them
Tips and tricks to help you solve the most common Windows 10 problems, whether that's freeing up storage or handling safe mode
π΄ Samsung Next Invests in Mitiga, Brings Total Funding to $45M π΄
π Read
via "Dark Reading".
Financing will help support increasing customer demand while continuing to transform incident response for cloud and SaaS environmentsπ Read
via "Dark Reading".
Dark Reading
Samsung Next Invests in Mitiga, Brings Total Funding to $45M
Financing will help support increasing customer demand while continuing to transform incident response for cloud and SaaS environments
π΄ Microsoft Zero-Day Bugs Allow Security Feature Bypass π΄
π Read
via "Dark Reading".
Security vendors urge organizations to fix the actively exploited bugs, in Microsoft Outlook and the Mark of the Web feature, immediately.π Read
via "Dark Reading".
Dark Reading
Microsoft Zero-Day Bugs Allow Security Feature Bypass
Security vendors urge organizations to fix the actively exploited bugs, in Microsoft Outlook and the Mark of the Web feature, immediately.
π΄ Camozzi Group and Radiflow Announce Collaboration on Industrial Systems Cybersecurity π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Camozzi Group and Radiflow Announce Collaboration on Industrial Systems Cybersecurity
Brescia, Istanbul, Tel Aviv, March 14th, 2023 β Camozzi Group, a leading provider of Industrial Automation solutions, and Radiflow, part of Sabanci Holding and a global player in Industrial Cybersecurity and Operational Technology (OT), have announced a collaborationβ¦
βΌ CVE-2023-28343 βΌ
π Read
via "National Vulnerability Database".
OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26262 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27590 βΌ
π Read
via "National Vulnerability Database".
Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the `name`, `type`, or `groups` fields have longer values than expected. Users opening untrusted GDB registers files (e.g. with the `drpg` or `arpg` commands) are affected by this flaw. Commit d6196703d89c84467b600ba2692534579dc25ed4 contains a patch for this issue. As a workaround, review the GDB register profiles before loading them with `drpg`/`arpg` commands.π Read
via "National Vulnerability Database".