‼ CVE-2023-28086 ‼
via "National Vulnerability Database".
An HPE OneView appliance dump may expose proxy credential settings.
‼ CVE-2023-28087 ‼
via "National Vulnerability Database".
An HPE OneView appliance dump may expose OneView user accounts.
‼ CVE-2021-45111 ‼
via "National Vulnerability Database".
Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to trigger the creation of demonstration data, including user accounts with known credentials.
‼ CVE-2022-40725 ‼
via "National Vulnerability Database".
PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated.
‼ CVE-2023-30545 ‼
via "National Vulnerability Database".
PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager (Advanced Options -> Database) to arbitrarily read any file on the operating system when using SQL function `LOAD_FILE` in a `SELECT` request. This gives the user access to critical information. A patch is available in PrestaShop 8.0.4 and PS 1.7.8.9.
‼ CVE-2023-28090 ‼
via "National Vulnerability Database".
An HPE OneView appliance dump may expose SNMPv3 read credentials.
‼ CVE-2023-30839 ‼
via "National Vulnerability Database".
PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A BO user can write, update, and delete in the database, even without having specific rights. PrestaShop 8.0.4 and 1.7.8.9 contain a patch for this issue. There are no known workarounds.
‼ CVE-2022-23721 ‼
via "National Vulnerability Database".
PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times.
‼ CVE-2022-45291 ‼
via "National Vulnerability Database".
PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 2020 (2012_lts) allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWS_printfile.php, PWS_frame_text.php, PWS_listfile.php, PWS_winter.php, and PWS_easyweathersetup.php endpoints. A contributing factor is a hardcoded login password of support, which is not documented. (This is not the same as the documented setup password, which is 12345.) The issue was fixed in late 2022.
‼ CVE-2021-26263 ‼
via "National Vulnerability Database".
Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents.
‼ CVE-2023-28088 ‼
via "National Vulnerability Database".
An HPE OneView appliance dump may expose SAN switch administrative credentials.
‼ CVE-2021-44465 ‼
via "National Vulnerability Database".
Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows authenticated attackers to subscribe to receive future notifications and comments related to arbitrary business records in the system, via crafted RPC requests.
‼ CVE-2023-23837 ‼
via "National Vulnerability Database".
No exception handling vulnerability which revealed sensitive or excessive information to users.
‼ CVE-2023-30838 ‼
via "National Vulnerability Database".
PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the `ValidateCore::isCleanHTML()` method of Prestashop misses hijackable events which can lead to cross-site scripting (XSS) injection, allowed by the presence of pre-setup `@keyframes` methods. This XSS, which hijacks HTML attributes, can be triggered without any interaction by the visitor/administrator, which makes it as dangerous as a trivial XSS attack. Contrary to other attacks which target HTML attributes and are triggered without user interaction (such as onload / onerror which suffer from a very limited scope), this one can hijack every HTML element, which increases the danger due to a complete HTML elements scope. Versions 8.0.4 and 1.7.8.9 contain a fix for this issue.
‼ CVE-2021-23166 ‼
via "National Vulnerability Database".
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server.
‼ CVE-2021-45071 ‼
via "National Vulnerability Database".
Cross-site scripting (XSS) issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote attackers to inject arbitrary web script in the browser of a victim, via crafted uploaded file names.
‼ CVE-2021-44476 ‼
via "National Vulnerability Database".
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files.
🔴 NetWitness Partners With Palo Alto Networks, Broadcom to Launch SASE Packet Integrations at RSA Conference 2023 🔴
via "Dark Reading".
Full packet capture and log monitoring directly on SASE nodes maintains enterprise-grade security, no matter where the data originates.
🔴 ReliaQuest Adds AI Capabilities to GreyMatter Intelligent Analysis 🔴
via "Dark Reading".
Integration of AI can lead to reduction of up to 90% in mean time to resolve security incidents.
🔴 Forcepoint Delivers Data Security Everywhere, Extending DLP Policies From Endpoints to the Cloud 🔴
via "Dark Reading".
AUSTIN, Texas - April 25, 2023 - Global security leader Forcepoint today extended the depth and breadth of its Data-first SASE (Secure Access Service Edge) offering with the launch of Forcepoint Data Security Everywhere. Forcepoint is simplifying enterprise…