βΌ CVE-2023-2166 βΌ
π Read
via "National Vulnerability Database".
A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2084 βΌ
π Read
via "National Vulnerability Database".
Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33971 βΌ
π Read
via "National Vulnerability Database".
Qihoo 360 (https://www.360.cn/) Qihoo 360 Safeguard (https://www.360.cn/) Qihoo 360 Total Security (http://www.360totalsecurity.com/) is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: This is a set of vulnerabilities affecting popular software, "360 Safeguard(12.1.0.1004,12.1.0.1005,13.1.0.1001)" , "360 Total Security(10.8.0.1060,10.8.0.1213)", "360 Safe Browser & 360 Chrome(13.0.2170.0)". The attack vector is: On the browser vulnerability, just open a link to complete the vulnerability exploitation remotely; on the client software, you need to locally execute the vulnerability exploitation program, which of course can be achieved with the full chain of browser vulnerability. ΓΒΆΓΒΆ This is a set of the most serious vulnerabilities that exist on Qihoo 360's PC client a variety of popular software, remote vulnerabilities can be completed by opening a link to arbitrary code execution on both security browsers, with the use of local vulnerabilities, not only help the vulnerability code constitutes an escalation of privileges, er can make the spyware persistent without being scanned permanently resides on the target PC computer (because local vulnerability against Qihoo 360 company's antivirus kernel flaws); this group of remote and local vulnerability of the perfect match, to achieve an information security fallacy, in Qihoo 360's antivirus vulnerability, not only can not be scanned out of the virus, but will help the virus persistently control the target computer, while Qihoo 360 claims to be a safe browser, which exists in the kernel vulnerability but helped the composition of the remote vulnerability. (Security expert "Memory Corruptor" have reported this set of vulnerabilities to the corresponding vendor, all vulnerabilities have been fixed and the vendor rewarded thousands of dollars to the security experts)π Read
via "National Vulnerability Database".
βΌ CVE-2023-23451 βΌ
π Read
via "National Vulnerability Database".
The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW., SICK UE410-EN1 FLEXI ETHERNET GATEW., SICK UE410-EN3S04 FLEXI ETHERNET GATEW., SICK UE410-EN4 FLEXI ETHERNET GATEW., SICK FX0-GENT00000 FLEXISOFT EIP GATEW., SICK FX0-GMOD00000 FLEXISOFT MOD GATEW., SICK FX0-GPNT00000 FLEXISOFT PNET GATEW., SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 and SICK FX0-GMOD00010 FLEXISOFT MOD GW. have Telnet enabled by factory default. No password is set in the default configuration. Gateways with a serial number >2311xxxx have the Telnet interface disabled by factory default.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1382 βΌ
π Read
via "National Vulnerability Database".
A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28327 βΌ
π Read
via "National Vulnerability Database".
A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service.π Read
via "National Vulnerability Database".
π1
π’ Capita finally admits breach affecting 4% of its servers π’
π Read
via "ITPro".
It also allegedly misled the public about when the breach took placeπ Read
via "ITPro".
ITPro
Capita finally admits breach affecting 4% of its servers
It also allegedly misled the public about when the breach took place
βΌ CVE-2023-2193 βΌ
π Read
via "National Vulnerability Database".
Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28047 βΌ
π Read
via "National Vulnerability Database".
Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code on the operating system with high privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0384 βΌ
π Read
via "National Vulnerability Database".
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption for a scheduled job.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0383 βΌ
π Read
via "National Vulnerability Database".
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption.π Read
via "National Vulnerability Database".
βΌ CVE-2014-125099 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in I Recommend This Plugin up to 3.7.2 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality of the file dot-irecommendthis.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 3.7.3 is able to address this issue. The name of the patch is 058b3ef5c7577bf557557904a53ecc8599b13649. It is recommended to upgrade the affected component. The identifier VDB-226309 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4942 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in mportuga eslint-detailed-reporter up to 0.9.0 and classified as problematic. Affected by this issue is the function renderIssue in the library lib/template-generator.js. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The name of the patch is 505c190efd4905990db6207863bdcbd9b1d7e1bd. It is recommended to apply a patch to fix this issue. VDB-226310 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2112 βΌ
π Read
via "National Vulnerability Database".
Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0.Γ π Read
via "National Vulnerability Database".
π’ Walking the line: GitOps and Shift Left security π’
π Read
via "ITPro".
Scalable, developer-centric supply chain security solutionsπ Read
via "ITPro".
ITPro
Walking the line: GitOps and Shift Left security
Scalable, developer-centric supply chain security solutions
π’ Beat cyber criminals at their own game π’
π Read
via "ITPro".
A guide to winning the vulnerability race and protection your organizationπ Read
via "ITPro".
ITPro
Beat cyber criminals at their own game
A guide to winning the vulnerability race and protection your organization
π’ Off-the-shelf ransomware is spurring a new era in the Ukraine war π’
π Read
via "ITPro".
Experts agreed Russian forces could be overwhelmed, forced to use less sophisticated tools to meet the regime's demandsπ Read
via "ITPro".
ITPro
Off-the-shelf ransomware is spurring a new era in the Ukraine war
Experts agreed Russian forces could be overwhelmed, forced to use less sophisticated tools to meet the regime's demands
π’ Quantifying the public vulnerability market: 2022 edition π’
π Read
via "ITPro".
An analysis of vulnerability disclosures, impact severity, and product analysisπ Read
via "ITPro".
ITPro
Quantifying the public vulnerability market: 2022 edition
An analysis of vulnerability disclosures, impact severity, and product analysis
π’ Three ways to evolve your security operations π’
π Read
via "ITPro".
Why current approaches arenβt workingπ Read
via "ITPro".
ITPro
Three ways to evolve your security operations
Why current approaches arenβt working
βΌ CVE-2023-1767 βΌ
π Read
via "National Vulnerability Database".
The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to a stored XSS prior to 28th March 2023. A feature of Snyk Advisor is to display the contents of a scanned package's Readme on its package health page. An attacker could create a package in NPM with an associated markdown README file containing XSS-able HTML tags. Upon Snyk Advisor importing the package, the XSS would run each time an end user browsed to the package's page on Snyk Advisor.π Read
via "National Vulnerability Database".
π΄ Newer Authentication Tech a Priority for 2023 π΄
π Read
via "Dark Reading".
Organizations are planning on newer multifactor authentication methods such as invisible MFA and passwordless, says SecureAuth in its State of Authentication report.π Read
via "Dark Reading".
Dark Reading
Newer Authentication Tech a Priority for 2023
Organizations are planning on newer multifactor authentication methods, such as invisible MFA and passwordless, says SecureAuth in its "State of Authentication" report.