βΌ CVE-2023-28848 βΌ
π Read
via "National Vulnerability Database".
user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second request. Users should upgrade user_oidc to 1.3.0 to receive a patch for the issue. No known workarounds are available.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29000 βΌ
π Read
via "National Vulnerability Database".
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.7.0, by trusting that the server will return a certificate that belongs to the keypair of the user, a malicious server could get the desktop client to encrypt files with a key known to the attacker. This issue is fixed in Nextcloud Desktop 3.7.0. No known workarounds are available.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2020-20914 βΌ
π Read
via "National Vulnerability Database".
SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-27768 βΌ
π Read
via "National Vulnerability Database".
An issue found in Wondershare Technology Co.,Ltd PDFelement v9.1.1 allows a remote attacker to execute arbitrary commands via the pdfelement-pro_setup_full5239.exe file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27766 βΌ
π Read
via "National Vulnerability Database".
An issue found in Wondershare Technology Co.,Ltd Anireel 1.5.4 allows a remote attacker to execute arbitrary commands via the anireel_setup_full9589.exe file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27762 βΌ
π Read
via "National Vulnerability Database".
An issue found in Wondershare Technology Co., Ltd DemoCreator v.6.0.0 allows a remote attacker to execute arbitrary commands via the democreator_setup_full7743.exe file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27769 βΌ
π Read
via "National Vulnerability Database".
An issue found in Wondershare Technology Co.,Ltd PDF Reader v.1.0.1 allows a remote attacker to execute arbitrary commands via the pdfreader_setup_full13143.exe file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27771 βΌ
π Read
via "National Vulnerability Database".
An issue found in Wondershare Technology Co.,Ltd Creative Centerr v.1.0.8 allows a remote attacker to execute arbitrary commands via the wondershareCC_setup_full10819.exe file.π Read
via "National Vulnerability Database".
β Researchers claim they can bypass Wi-Fi encryption (briefly, at least) β
π Read
via "Naked Security".
They can't read much of your data, but even a few stray network packets could tell them something they're not supposed to know.π Read
via "Naked Security".
Naked Security
Researchers claim they can bypass Wi-Fi encryption (briefly, at least)
They canβt read much of your data, but even a few stray network packets could tell them something theyβre not supposed to know.
π΄ What RASP Should Have Been π΄
π Read
via "Dark Reading".
When runtime application self-protection is held to a higher standard, it can secure thousands of applications and prevent burnout in security teams.π Read
via "Dark Reading".
Dark Reading
What RASP Should Have Been
When runtime application self-protection is held to a higher standard, it can secure thousands of applications and prevent burnout in security teams.
β Einstein tilings β the amazing βHatβ shape that never repeats! β
π Read
via "Naked Security".
Imagine tiling a whole football field using a single shape... yet not being able to produce a repeating pattern, even if you wanted to.π Read
via "Naked Security".
Naked Security
Einstein tilings β the amazing βHatβ shape that never repeats!
Imagine tiling a whole football field using a single shape⦠yet not being able to produce a repeating pattern, even if you wanted to.
π΄ 15M+ Services & Apps Remain Sitting Ducks for Known Exploits π΄
π Read
via "Dark Reading".
Scans of the Internet find that millions of computers, virtual machines, and containers are vulnerable to one or more of the hundreds of cyberattacks currently used in the wild, despite being patchable.π Read
via "Dark Reading".
Dark Reading
15M+ Services & Apps Remain Sitting Ducks for Known Exploits
Scans of the Internet find that millions of computers, virtual machines, and containers are vulnerable to one or more of the hundreds of cyberattacks currently used in the wild, despite being patchable.
βΌ CVE-2023-1752 βΌ
π Read
via "National Vulnerability Database".
The listed versions of Nexx Smart Home devices could allow any user to register an already registered alarm or associated device with only the deviceΓ’β¬β’s MAC address.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48227 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It allows elevation of privileges because it opens Notepad after the installation of AssureID, Identify x64, and Identify x86, aka CORE-7361.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1749 βΌ
π Read
via "National Vulnerability Database".
The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could send API requests that the affected devices would execute.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1748 βΌ
π Read
via "National Vulnerability Database".
The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with unauthenticated access to the Nexx Home mobile application or the affected firmware could view the credentials and access the MQ Telemetry Server (MQTT) server and the ability to remotely control garage doors or smart plugs for any customer.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1750 βΌ
π Read
via "National Vulnerability Database".
The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could retrieve device history, set device settings, and retrieve device information.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27487 βΌ
π Read
via "National Vulnerability Database".
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token (JWT) checks and forge fake original paths. The header `x-envoy-original-path` should be an internal header, but Envoy does not remove this header from the request at the beginning of request processing when it is sent from an untrusted client. The faked header would then be used for trace logs and grpc logs, as well as used in the URL used for `jwt_authn` checks if the `jwt_authn` filter is used, and any other upstream use of the x-envoy-original-path header. Attackers may forge a trusted `x-envoy-original-path` header. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 have patches for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28613 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Samsung Exynos Mobile Processor and Baseband Modem Processor for Exynos 1280, Exynos 2200, and Exynos Modem 5300. An integer overflow in IPv4 fragment handling can occur due to insufficient parameter validation when reassembling these fragments.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1751 βΌ
π Read
via "National Vulnerability Database".
The listed versions of Nexx Smart Home devices use a WebSocket server that does not validate if the bearer token in the Authorization header belongs to the device attempting to associate. This could allow any authorized user to receive alarm information and signals meant for other devices which leak a deviceId.π Read
via "National Vulnerability Database".
π΄ Mysterious 'Rorschach' Ransomware Doubles Known Encryption Speeds π΄
π Read
via "Dark Reading".
The malware is one of the most sophisticated ransomwares ever seen in the wild, and marks a leap ahead for cybercrime.π Read
via "Dark Reading".
Dark Reading
Mysterious 'Rorschach' Ransomware Doubles Known Encryption Speeds
The malware is one of the most sophisticated ransomwares ever seen in the wild, and marks a leap ahead for cybercrime.