βΌ CVE-2023-27078 βΌ
π Read
via "National Vulnerability Database".
A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27077 βΌ
π Read
via "National Vulnerability Database".
Stack Overflow vulnerability found in 360 D901 allows a remote attacker to cause a Distributed Denial of Service (DDOS) via a crafted HTTP package.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22702 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WPMobile.App WPMobile.App Γ’β¬β Android and iOS Mobile Application plugin <= 11.13 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47589 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in this.Functional CTT Expresso para WooCommerce plugin <= 3.2.11 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28493 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start the Telnet service,π Read
via "National Vulnerability Database".
βΌ CVE-2023-28772 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27135 βΌ
π Read
via "National Vulnerability Database".
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22715 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Lester 'GaMerZ' Chan WP-CommentNavi plugin <= 1.12.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23650 βΌ
π Read
via "National Vulnerability Database".
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in MainWP MainWP Code Snippets Extension plugin <= 4.0.2 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27655 βΌ
π Read
via "National Vulnerability Database".
xpdf v4.04 was discovered to contain a stack overflow in the component pdftotext.π Read
via "National Vulnerability Database".
π΄ MITRE Rolls Out Supply Chain Security Prototype π΄
π Read
via "Dark Reading".
Cloud-based System of Trust application now available for test-driving quantitative risk assessment of suppliers of hardware, software, services.π Read
via "Dark Reading".
Dark Reading
MITRE Rolls Out Supply Chain Security Prototype
Cloud-based System of Trust application now available for test-driving quantitative risk assessment of suppliers of hardware, software, services.
π΄ Epidemic of Insecure Storage, Backup Devices Is a Windfall for Cybercriminals π΄
π Read
via "Dark Reading".
Enterprise storage devices have 14 security weaknesses on average, putting them at risk of compromise by cyberattackers and especially ransomware attacks.π Read
via "Dark Reading".
Dark Reading
Epidemic of Insecure Storage, Backup Devices Is a Windfall for Cybercriminals
Enterprise storage devices have 14 security weaknesses on average, putting them at risk of compromise by cyberattackers and especially ransomware attacks.
π΄ The Board of Directors Will See You Now π΄
π Read
via "Dark Reading".
Help the board understand where the business is vulnerable, where controls end, and where exposure begins.π Read
via "Dark Reading".
Dark Reading
The Board of Directors Will See You Now
Help the board understand where the business is vulnerable, where controls end, and where exposure begins.
β S3 Ep127: When you chop someone out of a photo, but there they are anywayβ¦ β
π Read
via "Naked Security".
Listen now - latest episode. Full transcript inside.π Read
via "Naked Security".
Naked Security
S3 Ep127: When you chop someone out of a photo, but there they are anywayβ¦
Listen now β latest episode. Full transcript inside.
βΌ CVE-2023-20055 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected device. This vulnerability is due to the unintended exposure of sensitive information. An attacker could exploit this vulnerability by inspecting the responses from the API. Under certain circumstances, a successful exploit could allow the attacker to access the API with the privileges of a higher-level user account. To successfully exploit this vulnerability, the attacker would need at least valid Observer credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47145 βΌ
π Read
via "National Vulnerability Database".
Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics WordPress Bitcoin Payments Γ’β¬β Blockonomics plugin <= 3.5.7 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28610 βΌ
π Read
via "National Vulnerability Database".
The update process in OMICRON StationGuard and OMICRON StationScout before 2.21 can be exploited by providing a modified firmware update image. This allows a remote attacker to gain root access to the system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20097 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to an AP. An attacker with Administrator access to the CLI of the controller could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to gain full root access on the AP.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20072 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the fragmentation handling code of tunnel protocol packets in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected system to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of large fragmented tunnel protocol packets. One example of a tunnel protocol is Generic Routing Encapsulation (GRE). An attacker could exploit this vulnerability by sending crafted fragmented packets to an affected system. A successful exploit could allow the attacker to cause the affected system to reload, resulting in a DoS condition. Note: Only traffic directed to the affected system can be used to exploit this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20065 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient restrictions on the hosted application. An attacker could exploit this vulnerability by logging in to and then escaping the Cisco IOx application container. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20113 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. These actions could include modifying the system configuration and deleting accounts.π Read
via "National Vulnerability Database".