‼ CVE-2023-29137 ‼
An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users.
via "National Vulnerability Database".
‼ CVE-2023-27159 ‼
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.
via "National Vulnerability Database".
‼ CVE-2023-26925 ‼
An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. A specially crafted network request can lead to the disclosure of sensitive information.
via "National Vulnerability Database".
‼ CVE-2023-29141 ‼
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.
via "National Vulnerability Database".
‼ CVE-2023-29139 ‼
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur (RequestTimeoutException or upstream request timeout).
via "National Vulnerability Database".
‼ CVE-2023-23594 ‼
An authentication bypass vulnerability in the web client interface for the CL4NX printer before firmware version 1.13.3-u724_r2 provides remote unauthenticated attackers with access to execute commands intended only for valid/authenticated users, such as file uploads and configuration changes.
via "National Vulnerability Database".
🕴 Pro-Islam 'Anonymous Sudan' Hacktivists Likely a Front for Russia's Killnet Operation 🕴
"Anonymous Sudan" has been claiming that its DDoS attacks are in retaliation for anti-Islamic activities, but at least one security vendor is suspicious about its true motives.
via "Dark Reading".
🕴 Mimecast Report Reveals Nearly 60% of Companies in UAE and Saudi Arabia Need to Increase Cybersecurity Spending 🕴
The State of Email Security Report reveals cyber risk commands the C-suite's focus.
via "Dark Reading".
🕴 Elastic Expands Cloud Security Capabilities for AWS 🕴
Launching CSPM, container workload security, and cloud vulnerability management to modernize cloud security operations.
via "Dark Reading".
🕴 The FDA's Medical Device Cybersecurity Overhaul Has Real Teeth, Experts Say 🕴
The physical and cyber safety issues surrounding medical devices like IV pumps are finally being meaningfully addressed by a new policy taking effect this week.
via "Dark Reading".
‼ CVE-2023-26858 ‼
SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component.
via "National Vulnerability Database".
‼ CVE-2023-1785 ‼
A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. It has been classified as critical. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-224700.
via "National Vulnerability Database".
‼ CVE-2023-27162 ‼
openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
via "National Vulnerability Database".
‼ CVE-2022-4899 ‼
A vulnerability was found in zstd v1.4.10, where an attacker can supply an empty string as an argument to the command line tool to cause a buffer overrun.
via "National Vulnerability Database".
‼ CVE-2023-27163 ‼
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
via "National Vulnerability Database".
‼ CVE-2023-1784 ‼
A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224699.
via "National Vulnerability Database".
‼ CVE-2023-0208 ‼
NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server component) where a user may cause a heap-based buffer overflow through the bound socket. A successful exploit of this vulnerability may lead to denial of service and data tampering.
via "National Vulnerability Database".
‼ CVE-2023-1789 ‼
Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0.
via "National Vulnerability Database".
‼ CVE-2023-0189 ‼
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
via "National Vulnerability Database".
‼ CVE-2023-0195 ‼
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer driver nvlddmkm.sys, where an can cause CWE-1284, which may lead to hypothetical information leak of unimportant data such as local variable data of the driver.
via "National Vulnerability Database".
‼ CVE-2023-0188 ‼
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause improper restriction of operations within the bounds of a memory buffer, causing an out-of-bounds read, which may lead to denial of service.
via "National Vulnerability Database".