‼ CVE-2023-29917 ‼
📖 Read
via "National Vulnerability Database".
H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via go parameter at /goform/aspForm.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29905 ‼
📖 Read
via "National Vulnerability Database".
H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateSnat interface at /goform/aspForm.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48150 ‼
📖 Read
via "National Vulnerability Database".
Shopware v5.5.10 was discovered to contain a cross-site scripting (XSS) vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29915 ‼
📖 Read
via "National Vulnerability Database".
H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via CMD parameter at /goform/aspForm.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29910 ‼
📖 Read
via "National Vulnerability Database".
H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateMacClone interface at /goform/aspForm.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26876 ‼
📖 Read
via "National Vulnerability Database".
SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filter_user_id parameter to the admin.php?page=history&filter_image_id=&filter_user_id endpoint.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29908 ‼
📖 Read
via "National Vulnerability Database".
H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the SetMobileAPInfoById interface at /goform/aspForm.📖 Read
via "National Vulnerability Database".
🕴 Shadow IT, SaaS Pose Security Liability for Enterprises 🕴
📖 Read
via "Dark Reading".
Software written or acquired outside of IT's purview is software that IT can't evaluate for security or compliance.📖 Read
via "Dark Reading".
Dark Reading
Shadow IT, SaaS Pose Security Liability for Enterprises
Software written or acquired outside of IT's purview is software that IT can't evaluate for security or compliance.
👍1🔥1
⚠ S3 Ep131: Can you really have fun with FORTRAN? ⚠
📖 Read
via "Naked Security".
Loop-the-loop in this week's episode. Entertaining, educational and all in plain English. Transcript inside.📖 Read
via "Naked Security".
Naked Security
S3 Ep131: Can you really have fun with FORTRAN?
Loop-the-loop in this week’s episode. Entertaining, educational and all in plain English. Transcript inside.
🛠 FortiGate Brute Forcer 🛠
📖 Read
via "Packet Storm Security".
This python script is a slow brute forcing utility to check passwords against FortiGate appliances. Check the homepage link for more information on how this was used to slowly bypass brute force protections.📖 Read
via "Packet Storm Security".
Packetstormsecurity
FortiGate Brute Forcer ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
⚠ VMware patches break-and-enter hole in logging tools: update now! ⚠
📖 Read
via "Naked Security".
You know jolly well/What we're going to say/And that's "Do not delay/Simply do it today."📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News
👍1
‼ CVE-2023-2140 ‼
📖 Read
via "National Vulnerability Database".
A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-30798 ‼
📖 Read
via "National Vulnerability Database".
There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2023-2139 ‼
📖 Read
via "National Vulnerability Database".
A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2141 ‼
📖 Read
via "National Vulnerability Database".
An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.📖 Read
via "National Vulnerability Database".
🕴 Intel Prioritizes Security in Latest vPro Chips 🕴
📖 Read
via "Dark Reading".
While Intel is building more hardware protections directly into the chips, enterprises still need a strategy for applying security updates on these components.📖 Read
via "Dark Reading".
Dark Reading
Intel Prioritizes Security in Latest vPro Chips
While Intel is building more hardware protections directly into the chips, enterprises still need a strategy for applying security updates on these components.
👎1
🕴 North Korea's Kimsuky APT Keeps Growing, Despite Public Outing 🕴
📖 Read
via "Dark Reading".
Kim Jong Un's Swiss Army knife APT continues to spread its tendrils around the world, showing it's not intimidated by the researchers closing in.📖 Read
via "Dark Reading".
Dark Reading
North Korea's Kimsuky APT Keeps Growing, Despite Public Outing
Kim Jong Un's Swiss Army knife APT continues to spread its tendrils around the world, showing it's not intimidated by the researchers closing in.
🕴 EvilExtractor Infostealer Campaign Targeting Windows OS 🕴
📖 Read
via "Dark Reading".
Uptick in EvilExtractor activity aims to compromise endpoints to steal browser from targets across Europe and the US, researchers say.📖 Read
via "Dark Reading".
Dark Reading
'EvilExtractor' All-in-One Stealer Campaign Targets Windows User Data
An uptick in EvilExtractor activity aims to compromise endpoints to steal browser from targets across Europe and the US, researchers say.
‼ CVE-2022-47930 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session id, context, or random nonce in the generation of the challenge. This could allow a malicious user or an eavesdropper to replay a valid proof sent in the past.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26557 ‼
📖 Read
via "National Vulnerability Database".
io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. (bnb-chain/tss-lib and thorchain/tss are also affected.)📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26556 ‼
📖 Read
via "National Vulnerability Database".
io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round_2.go. (bnb-chain/tss-lib and thorchain/tss are also affected.)📖 Read
via "National Vulnerability Database".