‼ CVE-2022-27979 ‼
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component.
‼ CVE-2022-27978 ‼
via "National Vulnerability Database".
ToolJet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request.
‼ CVE-2023-30211 ‼
via "National Vulnerability Database".
OURPHP <= 7.2.0 is vulnerable to SQL Injection.
‼ CVE-2023-30212 ‼
via "National Vulnerability Database".
OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.
⚠ Google leaking 2FA secrets – researchers advise against new "account sync" feature for now ⚠
via "Naked Security".
You waited 13 years for this feature in Google Authenticator. Now researchers are advising you to wait a while longer, just in case...
🔴 High-Severity SLP Flaw Can Amplify DDoS Attacks up to 2,200 Times 🔴
via "Dark Reading".
More than 2,000 global organizations, including Fortune 1,000 companies, are at risk of reflective DDoS attacks that exploit a vulnerability discovered in the legacy Internet protocol.
🔴 Linux Shift: Chinese APT Alloy Taurus Is Back With Retooling 🔴
via "Dark Reading".
An old threat actor is making its comeback, sending around its old malware with a new tint.
‼ CVE-2023-29268 ‼
via "National Vulnerability Database".
The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.
‼ CVE-2023-26935 ‼
via "National Vulnerability Database".
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via SharedFile::readBlock at /xpdf/Stream.cc.
‼ CVE-2023-26938 ‼
via "National Vulnerability Database".
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via SharedFile::readBlock located in goo/gfile.cc.
‼ CVE-2023-26937 ‼
via "National Vulnerability Database".
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via GString::resize located in goo/GString.cc.
‼ CVE-2023-30841 ‼
via "National Vulnerability Database".
Baremetal Operator (BMO) is a bare metal host provisioning integration for Kubernetes. Prior to version 0.3.0, ironic and ironic-inspector deployed within Baremetal Operator using the included `deploy.sh` store their `.htpasswd` files as ConfigMaps instead of Secrets. This causes the plain-text username and hashed password to be readable by anyone having cluster-wide read access to the management cluster, or access to the management cluster's etcd storage. This issue is patched in baremetal-operator PR#1241, and is included in BMO release 0.3.0 onwards. As a workaround, users may modify the kustomizations and redeploy the BMO, or recreate the required ConfigMaps as Secrets per the instructions in baremetal-operator PR#1241.
‼ CVE-2023-26936 ‼
via "National Vulnerability Database".
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via gmalloc in gmem.cc.
‼ CVE-2023-26931 ‼
via "National Vulnerability Database".
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the TextOutputDev.cc function.
‼ CVE-2023-26934 ‼
via "National Vulnerability Database".
An issue found in XPDF v.4.04 allows an attacker to cause a denial of service via a crafted PDF file in the object.cc parameter.
‼ CVE-2023-31250 ‼
via "National Vulnerability Database".
The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing private files after updating.
‼ CVE-2023-30546 ‼
via "National Vulnerability Database".
Contiki-NG is an operating system for Internet of Things devices. An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system in versions 4.8 and prior. The problem exists in the Contiki File System (CFS) backend for the storage of data (file os/storage/antelope/storage-cfs.c). In the functions `storage_get_index` and `storage_put_index`, a buffer for merging two strings is allocated with one byte less than the maximum size of the merged strings, causing subsequent function calls to the cfs_open function to read from memory beyond the buffer size. The vulnerability has been patched in the "develop" branch of Contiki-NG, and is expected to be included in the next release. As a workaround, the problem can be fixed by applying the patch in Contiki-NG pull request #2425.
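The allocation mistake the Contiki-NG advisory describes, as an added C illustration that is not Contiki-NG's code (the real functions in os/storage/antelope/storage-cfs.c and the project's constants are not reproduced here): a merge buffer sized at the sum of the two maximum name lengths has no room for the terminating NUL when both inputs are at their maximum, so the terminator lands one byte past the end and the next consumer of the string reads beyond the buffer. The limits, names and helper functions below are assumptions for the demonstration; the hardened merge refuses to write when the result would not fit.

```c
#include <stdio.h>
#include <string.h>

/* Assumed limits for the demonstration; Contiki-NG's own constants are not used here. */
#define NAME_MAX_LEN   8    /* longest first string, without NUL */
#define SUFFIX_MAX_LEN 4    /* longest second string, without NUL */

/* Bytes a NUL-terminated merge of the two strings actually needs. */
size_t merged_bytes_needed(const char *name, const char *suffix)
{
    return strlen(name) + strlen(suffix) + 1;   /* +1 for the terminator */
}

/* Vulnerable sizing: room for the characters only. With both inputs at
 * their maximum length the NUL is written one byte past the end, and a
 * later strlen()/open() on the buffer walks off it looking for a terminator. */
size_t vulnerable_buffer_size(void)
{
    return NAME_MAX_LEN + SUFFIX_MAX_LEN;
}

/* Fixed sizing: one extra byte so the worst case still terminates in-bounds. */
size_t fixed_buffer_size(void)
{
    return NAME_MAX_LEN + SUFFIX_MAX_LEN + 1;
}

/* Hardened merge into a caller-supplied buffer. Returns the merged length,
 * or -1 when the result (including its NUL) would not fit, instead of
 * overflowing or silently truncating. */
int merge_names(char *out, size_t out_size, const char *name, const char *suffix)
{
    if (out_size == 0 || merged_bytes_needed(name, suffix) > out_size)
        return -1;
    /* snprintf() always NUL-terminates when out_size > 0 */
    int n = snprintf(out, out_size, "%s%s", name, suffix);
    return (n < 0 || (size_t)n >= out_size) ? -1 : n;
}

int main(void)
{
    /* Constructed worst-case inputs: both strings at their maximum length. */
    const char *name = "relation";   /* 8 chars == NAME_MAX_LEN */
    const char *sfx  = ".idx";       /* 4 chars == SUFFIX_MAX_LEN */
    char buf[NAME_MAX_LEN + SUFFIX_MAX_LEN + 1];

    printf("needed=%zu vulnerable=%zu fixed=%zu\n",
           merged_bytes_needed(name, sfx), vulnerable_buffer_size(), fixed_buffer_size());
    if (merge_names(buf, vulnerable_buffer_size(), name, sfx) < 0)
        printf("merge into a %zu-byte buffer refused: no room for the NUL\n",
               vulnerable_buffer_size());
    if (merge_names(buf, sizeof buf, name, sfx) >= 0)
        printf("merged into a %zu-byte buffer: %s\n", sizeof buf, buf);
    return 0;
}
```

The check worth carrying into a review of similar code is the one `merge_names` performs: compare the full NUL-inclusive length against the buffer before writing, rather than trusting that the sum of two maximum lengths is enough.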
‼ CVE-2023-0458 ‼
via "National Vulnerability Database".
A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11.
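The shape of the do_prlimit() problem, as an added userland C illustration that is not the kernel's code: a bounds check on the attacker-controlled resource index does not stop the CPU from speculatively computing a pointer from an out-of-range value before the branch resolves. The usual kernel remedy is to clamp the index with array_index_nospec(); the mask below reproduces the generic C definition of that helper so its behaviour can be observed outside the kernel. The rlim table, the demo struct and the function names are assumptions for the example; RLIM_NLIMITS is set to 16 as on Linux.

```c
#include <stdint.h>
#include <stddef.h>
#include <limits.h>

#define RLIM_NLIMITS 16   /* as on Linux; the table below is a stand-in */
#define BITS_PER_LONG (sizeof(long) * CHAR_BIT)

struct rlimit_demo { unsigned long rlim_cur, rlim_max; };
static struct rlimit_demo rlim[RLIM_NLIMITS];   /* stand-in for the per-task rlim[] table */

/* Branchless mask: all ones when index < size, zero otherwise. Because it is
 * data-dependent rather than control-dependent, it still holds while the CPU
 * is speculating past a mispredicted bounds check. */
static unsigned long array_index_mask_nospec(unsigned long index, unsigned long size)
{
    /* Stop the compiler from folding the mask using what it knows about index. */
    __asm__ volatile("" : "+r"(index));
    return ~(long)(index | (size - 1UL - index)) >> (BITS_PER_LONG - 1);
}

static unsigned long array_index_nospec(unsigned long index, unsigned long size)
{
    return index & array_index_mask_nospec(index, size);
}

/* Vulnerable shape: the pointer is derived from the raw index after the
 * branch. On a mispredicted path the arithmetic (and a load through the
 * result) runs for an out-of-range resource chosen by the caller. */
struct rlimit_demo *rlim_ptr_unsafe(unsigned int resource)
{
    if (resource >= RLIM_NLIMITS)
        return NULL;
    return rlim + resource;
}

/* Hardened shape: the index is clamped with a data dependency, so even a
 * mis-speculated path lands on element 0 instead of beyond the table. */
struct rlimit_demo *rlim_ptr_safe(unsigned int resource)
{
    if (resource >= RLIM_NLIMITS)
        return NULL;
    resource = (unsigned int)array_index_nospec(resource, RLIM_NLIMITS);
    return rlim + resource;
}

/* Exposes the clamp on its own: the index the speculative path would use
 * if the architectural bounds check were transiently ignored. */
unsigned long speculative_index_after_clamp(unsigned long resource)
{
    return array_index_nospec(resource, RLIM_NLIMITS);
}
```

In-range values pass through the clamp unchanged, so the fix costs nothing architecturally; the difference only shows for indices the bounds check would have rejected, which is exactly the window speculation opens.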
‼ CVE-2023-26930 ‼
via "National Vulnerability Database".
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function.
‼ CVE-2022-44232 ‼
via "National Vulnerability Database".
libming 0.4.8 is vulnerable to Buffer Overflow. In getInt() in decompile.c an unknown type may lead to denial of service. This is a different vulnerability than CVE-2018-9132 and CVE-2018-20427.
🔴 BigID and Thales Collaborate to Deliver Comprehensive Data Protection and Privacy Compliance 🔴
via "Dark Reading".
NEW YORK, April 26, 2023 /PRNewswire/ -- BigID, the leading data intelligence platform that enables organizations to know their enterprise data and take action for privacy, security, and governance, today announced a technology partnership with Thales, the…