CVE-2023-29950
swfrender v0.9.2 was discovered to contain a heap buffer overflow in the function enumerateUsedIDs_fillstyle at modules/swftools.c.
via "National Vulnerability Database".
CVE-2022-25091
Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside private forums to be disclosed by unauthenticated users via the quote reply feature.
via "National Vulnerability Database".
CVE-2023-25437
An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H, which allows attackers to gain escalated privileges and gain sensitive information due to cleartext passwords passed in the raw HTML.
via "National Vulnerability Database".
Tessian Fully Integrates With M365 To Provide Threat Protection and Insider Risk Protection
BOSTON, April 25, 2023 /PRNewswire/ -- Tessian, a leading Integrated Cloud Email Security company, today announced the release of a new M365 Add-in, simplifying the deployment of the Tessian Cloud Email Security Platform. Tessian's M365 Integration is the…
via "Dark Reading".
CVE-2023-28882
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations.
via "National Vulnerability Database".
CVE-2023-2356
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.
via "National Vulnerability Database".
CVE-2023-27557
IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 249192.
via "National Vulnerability Database".
CVE-2023-31436
qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.
via "National Vulnerability Database".
CVE-2023-28528
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207.
via "National Vulnerability Database".
CVE-2023-27556
IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.00, 6.3.0.00 through 6.3.1.03, 6.4.0.00 through 6.4.2.02 and 6.5.0.00 does not properly allocate resources without limits or throttling which could allow a remote attacker to cause a denial of service. IBM X-Force ID: 249190.
via "National Vulnerability Database".
CVE-2020-4729
IBM Counter Fraud Management for Safer Payments 5.7.0.00 through 5.7.0.10, 6.0.0.00 through 6.0.0.07, 6.1.0.00 through 6.1.0.05, and 6.2.0.00 through 6.2.1.00 could allow an authenticated attacker under special circumstances to send multiple specially crafted API requests that could cause the application to crash. IBM X-Force ID: 188052.
via "National Vulnerability Database".
Morgan Advanced Materials still unable to restore systems after January cyber attack
Billion-pound manufacturing firm's sites are still running processes manually nearly five months after its suspected ransomware attack
via "ITPro".
CVE-2023-2361
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
via "National Vulnerability Database".
Cyber Certainty: Investing in Resilience During a Post-Correction Market
In 2023, there is massive innovation being developed in all sectors, from cybersecurity to AI and quantum computing to IT management and information security, and in all the ways they intersect.
While difficult, these time periods are a return to the reality of where the market truly is or should be. And all the while, the innovation economy continues to boom.
via "Dark Reading".
CVE-2023-30466
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the targeted device. Successful exploitation of this vulnerability could allow a remote attacker to take over an account on the targeted device.
via "National Vulnerability Database".
CVE-2023-2363
A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0. This issue affects some unknown processing of the file view_room.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227639.
via "National Vulnerability Database".
CVE-2023-2364
A vulnerability, which was classified as problematic, was found in SourceCodester Resort Reservation System 1.0. Affected is an unknown function of the file registration.php. The manipulation of the argument fullname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227640.
via "National Vulnerability Database".
CVE-2023-30467
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the targeted device. Successful exploitation of this vulnerability could allow a remote attacker to perform unauthorized activities on the targeted device.
via "National Vulnerability Database".
CVE-2022-48481
In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible.
via "National Vulnerability Database".
SOSSA and CRA Spell Trouble for Open Source Software
The lack of understanding around open source poses a threat when legislation is considered. Governments can help by offering funding to help remediate vulnerabilities and supporting open source's long-term development.
via "Dark Reading".