βΌ CVE-2022-37306 βΌ
π Read
via "National Vulnerability Database".
OX App Suite before 7.10.6-rev30 allows XSS via an upsell trigger.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34125 βΌ
π Read
via "National Vulnerability Database".
front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive information via a _log/ pathname in the file parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28353 βΌ
π Read
via "National Vulnerability Database".
In the External Redirect Warning Plugin 1.3 for MyBB, the redirect URL (aka external.php?url=) is vulnerable to XSS.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33990 βΌ
π Read
via "National Vulnerability Database".
Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40946 βΌ
π Read
via "National Vulnerability Database".
On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, it is possible to trigger a Denial of Service via the sys_token parameter in a cgi-bin/webproc?getpage=html/index.html request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38841 βΌ
π Read
via "National Vulnerability Database".
Linksys AX3200 1.1.00 is vulnerable to OS command injection by authenticated users via shell metacharacters to the diagnostics traceroute page.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30772 βΌ
π Read
via "National Vulnerability Database".
The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34127 βΌ
π Read
via "National Vulnerability Database".
The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.php file parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38840 βΌ
π Read
via "National Vulnerability Database".
cgi-bin/xmlstatus.cgi in GΓΒΌralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE) issue via XML file upload, which leads to local file disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36520 βΌ
π Read
via "National Vulnerability Database".
A SQL injection vulnerability in I-Tech Trainsmart r1044 exists via a evaluation/assign-evaluation?id= URI.π Read
via "National Vulnerability Database".
βΌ CVE-2019-14942 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Cookies for GitLab Pages (which have access control) could be sent over cleartext HTTP.π Read
via "National Vulnerability Database".
π’ Why Customer Identity? π’
π Read
via "ITPro".
Learn how a renewed focus on Customer Identity can unlock innovation and inspire new capabilitiesπ Read
via "ITPro".
ITPro
Why Customer Identity?
Learn how a renewed focus on Customer Identity can unlock innovation and inspire new capabilities
π1
βΌ CVE-2023-1109 βΌ
π Read
via "National Vulnerability Database".
In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22946 βΌ
π Read
via "National Vulnerability Database".
In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This affects architectures relying on proxy-user, for example those using Apache Livy to manage submitted applications. Update to Apache Spark 3.4.0 or later, and ensure that spark.submit.proxyUser.allowCustomClasspathInClusterMode is set to its default of "false", and is not overridden by submitted applications.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30771 βΌ
π Read
via "National Vulnerability Database".
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.4 of iotdb-web-workbench onwards.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30770 βΌ
π Read
via "National Vulnerability Database".
A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vulnerability to execute arbitrary code. Affected ADM versions include: 4.0.6.REG2, 4.1.0 and below as well as 4.2.0.RE71 and below.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24831 βΌ
π Read
via "National Vulnerability Database".
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3. Attackers could login without authorization. This is fixed in 0.13.4.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2017 βΌ
π Read
via "National Vulnerability Database".
Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in `Shopware\Core\Framework\Adapter\Twig\SecurityExtension` and call any arbitrary PHP function and thus execute arbitrary code/commands via usage of fully-qualified names, supplied as array of strings, when referencing callables. Users are advised to upgrade to v6.4.20.1 to resolve this issue. This is a bypass of CVE-2023-22731.π Read
via "National Vulnerability Database".
π’ Build vs. buy: Is managing Customer Identity slowing your time to market? π’
π Read
via "ITPro".
Why identity should be top of mindπ Read
via "ITPro".
ITPro
Build vs. buy: Is managing Customer Identity slowing your time to market?
Why identity should be top of mind
π΄ Top 5 Data Security RSAC 2023 Sessions to Attend π΄
π Read
via "Dark Reading".
A little preconference reconnoitering of upcoming seminars, keynotes, and track sessions makes plotting your days easier. Here's one attendee's list.π Read
via "Dark Reading".
Dark Reading
Top 5 Data Security RSAC 2023 Sessions to Attend
A little preconference reconnoitering of upcoming seminars, keynotes, and track sessions makes plotting your days easier. Here's one attendee's list.
β FBI and FCC warn about βJuicejackingβ β but just how useful is their advice? β
π Read
via "Naked Security".
USB charging stations - can you trust them? What are the real risks, and how can you keep your data safe on the road?π Read
via "Naked Security".
Naked Security
FBI and FCC warn about βJuicejackingβ β but just how useful is their advice?
USB charging stations β can you trust them? What are the real risks, and how can you keep your data safe on the road?