βΌ CVE-2023-25792 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XiaoMac WP Open Social plugin <=Γ 5.0 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25784 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bon Plan Gratos Sticky Ad Bar pluginΓ <= 1.3.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25797 βΌ
π Read
via "National Vulnerability Database".
Auth. Stored Cross-Site Scripting (XSS) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <=Γ 4.1.2 versions.π Read
via "National Vulnerability Database".
π΄ Palo Alto Networks Unveils New Cloud Firewall for Azure π΄
π Read
via "Dark Reading".
The next-generation cloud firewall is a fully managed Azure-native ISV service. π Read
via "Dark Reading".
Dark Reading
Palo Alto Networks Unveils New Cloud Firewall for Azure
The next-generation cloud firewall is a fully managed Azure-native ISV service.
π΄ Hotels at Risk From Bug in Oracle Property Management Software π΄
π Read
via "Dark Reading".
Oracle's characterization of the vulnerability in its Opera software as complex and hard to exploit is incorrect, researchers who found the flaw and reported it say.π Read
via "Dark Reading".
Dark Reading
Hotels at Risk From Bug in Oracle Property Management Software
Oracle's characterization of the vulnerability in its Opera software as complex and hard to exploit is incorrect, researchers who found the flaw and reported it say.
π΄ Meta Expunges Multiple APT, Cybercrime Groups from Facebook, Instagram π΄
π Read
via "Dark Reading".
The company has removed three APTs and six potentially criminal networks from its platforms who leveraged elaborate campaigns of fake personas and profiles to lure and compromise users.π Read
via "Dark Reading".
Dark Reading
Meta Expunges Multiple APT, Cybercrime Groups From Facebook, Instagram
The company has removed three APTs and six potentially criminal networks from its platforms who leveraged elaborate campaigns of fake personas and profiles to lure and compromise users.
π΄ Legitimate Software Abuse: A Disturbing Trend in Ransomware Attacks π΄
π Read
via "Dark Reading".
Build a culture of security so that everyone is on the lookout for suspect behavior. Implement least privilege, improve visibility.π Read
via "Dark Reading".
Dark Reading
Legitimate Software Abuse: A Disturbing Trend in Ransomware Attacks
Build a culture of security so that everyone is on the lookout for suspect behavior. Implement least privilege, improve visibility.
βΌ CVE-2022-40302 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22713 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress Download Manager Gutenberg Blocks by WordPress Download Manager plugin <=Γ 2.1.8 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43681 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23820 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <=Γ 4.5.4 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25796 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Include WP BaiDu Submit plugin <=Γ 1.2.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25798 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Olevmedia Olevmedia Shortcodes plugin <=Γ 1.1.9 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40318 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack vector) relative to CVE-2022-40302.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1383 βΌ
π Read
via "National Vulnerability Database".
An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible.This issue affects:Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23708 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <=Γ 3.9.4 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1384 βΌ
π Read
via "National Vulnerability Database".
The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be runThis issue affects:Amazon Fire TV Stick 3rd genΓ versions prior to 6.2.9.5.Insignia TV with FireOSΓ versions prior to 7.6.3.3.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1385 βΌ
π Read
via "National Vulnerability Database".
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services.This issue affects:Amazon Fire TV Stick 3rd genΓ versions prior to 6.2.9.5.Insignia TV with FireOSΓ 7.6.3.3.π Read
via "National Vulnerability Database".
π΄ Anatomy of a Malicious Package Attack π΄
π Read
via "Dark Reading".
Malicious packages are hard to avoid and hard to detect β unless you know what to look for.π Read
via "Dark Reading".
Dark Reading
Anatomy of a Malicious Package Attack
Malicious packages are hard to avoid and hard to detect β unless you know what to look for.
βΌ CVE-2023-26017 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin <=Γ 2.5.10.2 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23875 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Himanshu Bing Site Verification plugin using Meta Tag plugin <=Γ 1.0 versions.π Read
via "National Vulnerability Database".