βΌ CVE-2023-26057 βΌ
π Read
via "National Vulnerability Database".
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25479 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Subscribe button plugin <=Γ 1.3.7 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26841 βΌ
π Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to change any user's password except for the user that is currently logged in.π Read
via "National Vulnerability Database".
π΄ Building a Better SBOM π΄
π Read
via "Dark Reading".
Generating an SBOM is easy. It's generating one that's comprehensive and accurate that's hard.π Read
via "Dark Reading".
Dark Reading
Building a Better SBOM
Generating an SBOM is easy. It's generating one that's comprehensive and accurate that's hard.
π’ How to reduce the risk of phishing and ransomware π’
π Read
via "ITPro".
Top security concerns and tips for mitigation π Read
via "ITPro".
ITPro
How to reduce the risk of phishing and ransomware
Top security concerns and tips for mitigation
βΌ CVE-2023-29779 βΌ
π Read
via "National Vulnerability Database".
Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. After receiving the malicious command, the device will keep reporting its status and finally drain its battery after receiving the 'Set_short_poll_interval' command.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27105 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the Wi-Fi file transfer module of Shanling M5S Portable Music Player with Shanling MTouch OS v4.3 and Shanling M2X Portable Music Player with Shanling MTouch OS v3.3 allows attackers to arbitrarily read, delete, or modify any critical system files via directory traversal.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2281 βΌ
π Read
via "National Vulnerability Database".
When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data about the archived team.π Read
via "National Vulnerability Database".
β Double zero-day in Chrome and Edge β check your versions now! β
π Read
via "Naked Security".
Wouldn't it be handy if there were a single version number to check for in every Chromium-based browser, on every supported platform?π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ The Decline in Ransomware: Does It Actually Increase Risks for Organizations? π΄
π Read
via "Dark Reading".
Organizations need to remain vigilant and not take the decline as reason to cut back their cybersecurity strategies.π Read
via "Dark Reading".
Dark Reading
The Decline in Ransomware: Does It Actually Increase Risks for Organizations?
Organizations need to remain vigilant and not take the decline as reason to cut back their cybersecurity strategies.
β PaperCut security vulnerabilities under active attack β vendor urges customers to patch β
π Read
via "Naked Security".
If you have the product, but you haven't patched - well, the crooks have now landed, so please don't delay. Do it today...π Read
via "Naked Security".
Naked Security
PaperCut security vulnerabilities under active attack β vendor urges customers to patch
If you have the product, but you havenβt patched β well, the crooks have now landed, so please donβt delay. Do it todayβ¦
βΌ CVE-2022-31244 βΌ
π Read
via "National Vulnerability Database".
Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows for privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25484 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliver SchlΓΒΆbe Simple Yearly Archive plugin <=Γ 2.1.8 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47608 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin <=Γ 8.0.3.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25313 βΌ
π Read
via "National Vulnerability Database".
OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attackers to execute arbitrary code via the video link field to the Embed a video link feature.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28847 βΌ
π Read
via "National Vulnerability Database".
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server 24.0.0 prior to 24.0.11 and 25.0.0 prior to 25.0.5; as well as Nextcloud Server Enterprise 23.0.0 prior to 23.0.12.6, 24.0.0 prior to 24.0.11, and 25.0.0 prior to 25.0.5; an attacker is not restricted in verifying passwords of share links so they can just start brute forcing the password. Nextcloud Server 24.0.11 and 25.0.5 and Nextcloud Enterprise Server 23.0.12.6, 24.0.11, and 25.0.5 contain a fix for this issue. No known workarounds are available.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30402 βΌ
π Read
via "National Vulnerability Database".
YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29552 βΌ
π Read
via "National Vulnerability Database".
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25314 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4, allows attackers to gain sensitive information via the success parameter to /user.π Read
via "National Vulnerability Database".
π΄ Attackers Abuse PaperCut RCE Flaws to Take Over Enterprise Print Servers π΄
π Read
via "Dark Reading".
Customers should apply updates to the print management software used by more than 100 million organizations worldwide, with typical US customers found in the SLED sector.π Read
via "Dark Reading".
Dark Reading
Attackers Abuse PaperCut RCE Flaws to Take Over Enterprise Print Servers
Customers should apply updates to the print management software used by more than 100 million organizations worldwide, with typical US customers found in the SLED sector.
π΄ 'Good' AI Is the Only Path to True Zero-Trust Architecture π΄
π Read
via "Dark Reading".
Ultimately AI will protect the enterprise, but it's up to the cybersecurity community to protect 'good' AI in order to get there, RSA's Rohit Ghai says.π Read
via "Dark Reading".
Dark Reading
'Good' AI Is the Only Path to True Zero-Trust Architecture
Ultimately, AI will protect the enterprise, but it's up to the cybersecurity community to protect "good" AI in order to get there, RSA's Rohit Ghai says.