โผ CVE-2015-10103 โผ
๐ Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in InternalError503 Forget It up to 1.3. This affects an unknown part of the file js/settings.js. The manipulation of the argument setForgetTime with the input 0 leads to infinite loop. It is possible to launch the attack on the local host. Upgrading to version 1.4 is able to address this issue. The name of the patch is adf0c7fd59b9c935b4fd675c556265620124999c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-226119.๐ Read
via "National Vulnerability Database".
โผ CVE-2015-10102 โผ
๐ Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in Freshdesk Plugin 1.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to open redirect. The attack may be launched remotely. Upgrading to version 1.8 is able to address this issue. The name of the patch is 2aaecd4e0c7c6c1dc4e6a593163d5f7aa0fa5d5b. It is recommended to upgrade the affected component. VDB-226118 is the identifier assigned to this vulnerability.๐ Read
via "National Vulnerability Database".
๐ด NSA's National Centers for Academic Excellent (NCAE) Cyber Games to Hold National Finals on April 22 ๐ด
๐ Read
via "Dark Reading".
๐ Read
via "Dark Reading".
Dark Reading
NSA's National Centers for Academic Excellent (NCAE) Cyber Games to Hold National Finals on April 22
Cyber Florida at the University of South Florida - Tampa will host the national championship round of the NCAE Cyber Games on April 22 on the University of South Florida-Tampa campus. The event will be live-streamed via Twitch at https://www.twitch.tv/ncโฆ
๐ด lockr Raises $2.5M ๐ด
๐ Read
via "Dark Reading".
lockr preserves open access to information across the Internet while honoring consumer privacy and choice.๐ Read
via "Dark Reading".
Dark Reading
lockr Raises $2.5M
lockr preserves open access to information across the Internet while honoring consumer privacy and choice.
๐ด Google Issues Emergency Chrome Update for Zero-Day Bug ๐ด
๐ Read
via "Dark Reading".
Because the security vulnerability is under active exploit, Google isn't releasing full details of the flaw while users could remain vulnerable.๐ Read
via "Dark Reading".
Dark Reading
Google Issues Emergency Chrome Update for Zero-Day Bug
Because the security vulnerability is under active exploit, Google isn't releasing full details of the flaw while users could remain vulnerable.
๐ด FIN7, Former Conti Gang Members Collaborate on 'Domino' Malware ๐ด
๐ Read
via "Dark Reading".
Members of the former ransomware group are using a FIN7 backdoor to deliver malware โincluding Cobalt Strike โ to victim systems.๐ Read
via "Dark Reading".
Dark Reading
FIN7, Former Conti Gang Members Collaborate on 'Domino' Malware
Members of the former ransomware group are using a FIN7 backdoor to deliver malware โincluding Cobalt Strike โ to victim systems.
โผ CVE-2023-27907 โผ
๐ Read
via "National Vulnerability Database".
A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds write vulnerability which may result in code execution.๐ Read
via "National Vulnerability Database".
โค1
โผ CVE-2023-25010 โผ
๐ Read
via "National Vulnerability Database".
A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitialized variable which may result in code execution.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-27910 โผ
๐ Read
via "National Vulnerability Database".
A user may be tricked into opening a malicious FBX file that may exploit a stack buffer overflow vulnerability in Autodeskรยฎ FBXรยฎ SDK 2020 or prior which may lead to code execution.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-30548 โผ
๐ Read
via "National Vulnerability Database".
gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server (`gatsby develop`). It should be noted that by default gatsby develop is only accessible via the localhost 127.0.0.1, and one would need to intentionally expose the server to other interfaces to exploit this vulnerability by using server options such as --host 0.0.0.0, -H 0.0.0.0, or the GATSBY_HOST=0.0.0.0 environment variable. Attackers exploiting this vulnerability will have read access to all files within the scope of the server process. A patch has been introduced in gatsby-plugin-sharp@5.8.1 and gatsby-plugin-sharp@4.25.1 which mitigates the issue by ensuring that included paths remain within the project directory. As stated above, by default gatsby develop is only exposed to the localhost 127.0.0.1. For those using the develop server in the default configuration no risk is posed. If other ranges are required, preventing the develop server from being exposed to untrusted interfaces or IP address ranges would mitigate the risk from this vulnerability. Users are non the less encouraged to upgrade to a safe version.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-30769 โผ
๐ Read
via "National Vulnerability Database".
Vulnerability discovered is related to the peer-to-peer (p2p) communications, attackers can craft consensus messages, send it to individual nodes and take them offline. An attacker can crawl the network peers using getaddr message and attack the unpatched nodes.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-27911 โผ
๐ Read
via "National Vulnerability Database".
A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodeskรยฎ FBXรยฎ SDK 2020 or prior which may lead to code execution.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-2130 โผ
๐ Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226206 is the identifier assigned to this vulnerability.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-27906 โผ
๐ Read
via "National Vulnerability Database".
A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds read vulnerability which may result in code execution.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-27909 โผ
๐ Read
via "National Vulnerability Database".
An Out-Of-Bounds Write Vulnerability in Autodeskรยฎ FBXรยฎ SDK version 2020 or prior may lead to code execution through maliciously crafted FBX files or information disclosure.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-29197 โผ
๐ Read
via "National Vulnerability Database".
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. This is a follow-up to CVE-2022-24775 where the fix was incomplete. The issue has been patched in versions 1.9.1 and 2.4.5. There are no known workarounds for this vulnerability. Users are advised to upgrade.๐ Read
via "National Vulnerability Database".
โค1
โผ CVE-2023-28963 โผ
๐ Read
via "National Vulnerability Database".
An Improper Authentication vulnerability in cert-mgmt.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to read arbitrary files from temporary folders on the device. This issue affects Juniper Networks Junos OS: All versions prior to 19.1R3-S10; 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S11; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S7; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-30536 โผ
๐ Read
via "National Vulnerability Database".
slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An attacker that is able to control the header names that are passed to Slilm-Psr7 would be able to intentionally craft invalid messages, possibly causing application errors or invalid HTTP requests being sent out with an PSR-18 HTTP client. The latter might present a denial of service vector if a remote serviceรขโฌโขs web application firewall bans the application due to the receipt of malformed requests. The issue has been patched in version 1.6.1. There are no known workarounds to this issue. Users are advised to upgrade.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-24502 โผ
๐ Read
via "National Vulnerability Database".
Electra Central AC unit รขโฌโ The unit opens an AP with an easily calculated password.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-28968 โผ
๐ Read
via "National Vulnerability Database".
An Improperly Controlled Sequential Memory Allocation vulnerability in the Juniper Networks Deep Packet Inspection-Decoder (JDPI-Decoder) Application Signature component of Junos OS's AppID service on SRX Series devices will stop the JDPI-Decoder from identifying dynamic application traffic, allowing an unauthenticated network-based attacker to send traffic to the target device using the JDPI-Decoder, designed to inspect dynamic application traffic and take action upon this traffic, to instead begin to not take action and to pass the traffic through. An example session can be seen by running the following command and evaluating the output. user@device# run show security flow session source-prefix <address/mask> extensive Session ID: <session ID>, Status: Normal, State: Active Policy name: <name of policy> Dynamic application: junos:UNKNOWN, <<<<< LOOK HERE Please note, the JDPI-Decoder and the AppID SigPack are both affected and both must be upgraded along with the operating system to address the matter. By default, none of this is auto-enabled for automatic updates. This issue affects: Juniper Networks any version of the JDPI-Decoder Engine prior to version 5.7.0-47 with the JDPI-Decoder enabled using any version of the AppID SigPack prior to version 1.550.2-31 (SigPack 3533) on Junos OS on SRX Series: All versions prior to 19.1R3-S10; 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S11; 20.1 version 20.1R1 and later versions prior to 20.2R3-S7; 20.3 version 20.3R1 and later versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2;๐ Read
via "National Vulnerability Database".
โผ CVE-2023-28959 โผ
๐ Read
via "National Vulnerability Database".
An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on QFX10002 allows an unauthenticated, adjacent attacker on the local broadcast domain sending a malformed packet to the device, causing all PFEs other than the inbound PFE to wedge and to eventually restart, resulting in a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue can only be triggered by sending a specific malformed packet to the device. Transit traffic does not trigger this issue. An indication of this issue occurring can be seen through the following log messages: fpc0 expr_hostbound_packet_handler: Receive pe 73? fpc0 Cmerror Op Set: PE Chip: PE0[0]: PGQ:misc_intr: 0x00000020: Enqueue of a packet with out-of-range VOQ in 192K-VOQ mode (URI: /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_PGQ_MISC_INT_EVENTS_ENQ_192K_VIOL) The logs list below can also be observed when this issue occurs fpc0 Error: /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_PGQ_MISC_INT_EVENTS_ENQ_192K_VIOL (0x210107), scope: pfe, category: functional, severity: major, module: PE Chip, type: Description for PECHIP_CMERROR_PGQ_MISC_INT_EVENTS_ENQ_192K_VIOL fpc0 Performing action cmalarm for error /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_PGQ_MISC_INT_EVENTS_ENQ_192K_VIOL (0x210107) in module: PE Chip with scope: pfe category: functional level: major fpc0 Error: /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_CM_INT_REG_DCHK_PIPE (0x21011a), scope: pfe, category: functional, severity: fatal, module: PE Chip, type: Description for PECHIP_CMERROR_CM_INT_REG_DCHK_PIPE fpc0 Performing action cmalarm for error /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_CM_INT_REG_DCHK_PIPE (0x21011a) in module: PE Chip with scope: pfe category: functional level: fatal fpc0 Performing action disable-pfe for error /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_CM_INT_REG_DCHK_PIPE (0x21011a) in module: PE Chip with scope: pfe category: functional level: fatal This issue affects Juniper Networks Junos OS on QFX10002: All versions prior to 19.1R3-S10; 19.4 versions prior to 19.4R3-S11; 20.2 versions prior to 20.2R3-S7; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S2; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2.๐ Read
via "National Vulnerability Database".