π΄ Dig Security Announces New Integration With CrowdStrike π΄
π Read
via "Dark Reading".
New CrowdStrike Falcon platform integration delivers multi-cloud visibility and protection of data assets with layered malware detection and file scanning to stop modern attacks.π Read
via "Dark Reading".
Dark Reading
Dig Security Announces New Integration With CrowdStrike
New CrowdStrike Falcon platform integration delivers multi-cloud visibility and protection of data assets with layered malware detection and file scanning to stop modern attacks.
βΌ CVE-2023-30842 βΌ
π Read
via "National Vulnerability Database".
AVideo is an open-source video platform. Prior to version 12.4, AVideo is vulnerable to remote code execution when an attacker embeds a malicious video link. This issue is fixed in version 12.4.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0045 βΌ
π Read
via "National Vulnerability Database".
The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set Γ function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. Γ The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176.We recommend upgrading past commitΓ a664ec9158eeddd75121d39c9a0758016097fa96π Read
via "National Vulnerability Database".
βΌ CVE-2023-20870 βΌ
π Read
via "National Vulnerability Database".
VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20869 βΌ
π Read
via "National Vulnerability Database".
VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31223 βΌ
π Read
via "National Vulnerability Database".
Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars.π Read
via "National Vulnerability Database".
π΄ CISOs Rethink Data Security with Info-Centric Framework π΄
π Read
via "Dark Reading".
The Data Security Maturity Model ditches application, network, and device silos when it comes to architecting a data security strategy.π Read
via "Dark Reading".
Dark Reading
CISOs Rethink Data Security With Info-Centric Framework
The Data Security Maturity Model ditches application, network, and device silos when it comes to architecting a data security strategy.
βΌ CVE-2023-30404 βΌ
π Read
via "National Vulnerability Database".
Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution (RCE) vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2012-5873 βΌ
π Read
via "National Vulnerability Database".
ARC (aka ARC2) through 2011-12-01 allows reflected XSS via the end_point.php query parameter in an output=htmltab action.π Read
via "National Vulnerability Database".
βΌ CVE-2012-5872 βΌ
π Read
via "National Vulnerability Database".
ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41739 βΌ
π Read
via "National Vulnerability Database".
IBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0) could allow programs running inside the container to overcome isolation mechanism and gain additional capabilities or access sensitive information on the host. IBM X-Force ID: 237815.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27843 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 and before allow a remote attacker to gain privileges via the QuotesProduct::deleteProduct component.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26735 βΌ
π Read
via "National Vulnerability Database".
blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26560 βΌ
π Read
via "National Vulnerability Database".
Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36769 βΌ
π Read
via "National Vulnerability Database".
IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30106 βΌ
π Read
via "National Vulnerability Database".
Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via page=about.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30111 βΌ
π Read
via "National Vulnerability Database".
Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS).π Read
via "National Vulnerability Database".
π΄ Effects of the Hive Ransomware Group Takedown π΄
π Read
via "Dark Reading".
Despite some success in limiting damage from Hive, there's no time to relax security vigilance. π Read
via "Dark Reading".
Dark Reading
Effects of the Hive Ransomware Group Takedown
Despite some success in limiting damage from Hive, there's no time to relax security vigilance.
βΌ CVE-2023-24796 βΌ
π Read
via "National Vulnerability Database".
Password vulnerability found in Vinga WR-AC1200 81.102.1.4370 and before allows a remote attacker to execute arbitrary code via the password parameter at the /goform/sysTools and /adm/systools.asp endpoints.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26286 βΌ
π Read
via "National Vulnerability Database".
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. IBM X-Force ID: 248421.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29257 βΌ
π Read
via "National Vulnerability Database".
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011.π Read
via "National Vulnerability Database".