βΌ CVE-2023-31415 βΌ
π Read
via "National Vulnerability Database".
Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25458 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GMO Internet Group, Inc. TypeSquare Webfonts for ConoHa plugin <=Γ 2.0.3 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30097 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30399 βΌ
π Read
via "National Vulnerability Database".
Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allows attackers to redirect users to a crafted update package link via a man-in-the-middle attack.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21503 βΌ
π Read
via "National Vulnerability Database".
Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30094 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21508 βΌ
π Read
via "National Vulnerability Database".
Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30264 βΌ
π Read
via "National Vulnerability Database".
CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25982 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Eirudo Simple YouTube Responsive plugin <=Γ 2.5 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30268 βΌ
π Read
via "National Vulnerability Database".
CLTPHP <=6.0 is vulnerable to Improper Input Validation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20126 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upgrade function. An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. A successful exploit could allow the attacker to execute arbitrary code on the affected device with full privileges. Cisco has not released firmware updates to address this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31414 βΌ
π Read
via "National Vulnerability Database".
Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process.π Read
via "National Vulnerability Database".
π΄ Autocrypt Releases Comprehensive Key Management Solution for Automotive Manufacturing π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Autocrypt Releases Comprehensive Key Management Solution for Automotive Manufacturing
SEOUL, South Korea, May 4, 2023 /PRNewswire/ -- Automotive cybersecurity and mobility solutions company AUTOCRYPT released a comprehensive key management solution dedicated to the automotive industry. "AutoCrypt KEY" enables OEMs and suppliers to efficientlyβ¦
π΄ Identifying Compromised Data Can Be a Logistical Nightmare π΄
π Read
via "Dark Reading".
Being able to trace an incident backwards from breach to data source is vital in restoring and improving cybersecurity.π Read
via "Dark Reading".
Dark Reading
Identifying Compromised Data Can Be a Logistical Nightmare
Being able to trace an incident backward from breach to data source is vital in restoring and improving cybersecurity.
βΌ CVE-2023-30093 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in Open Networking Foundation ONOS from version 1.9.0 until 2.7.0 allows attackers to execute arbitrary code via uploading a crafted YAML file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30282 βΌ
π Read
via "National Vulnerability Database".
PrestaShop scexportcustomers <= 3.6.1 is vulnerable to Incorrect Access Control. Due to a lack of permissions' control, a guest can access exports from the module which can lead to leak of personal information from customer table.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1894 βΌ
π Read
via "National Vulnerability Database".
A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations.π Read
via "National Vulnerability Database".
βοΈ $10M Is Yours If You Can Get This Guy to Leave Russia βοΈ
π Read
via "Krebs on Security".
The U.S. government this week put a $10 million bounty on the head of a Russian man who for the past 18 years operated Try2Check, one of the cybercrime underground's most trusted services for checking the validity of stolen credit card data. U.S. authorities say 43-year-old Denis Kulkov's card-checking service made him at least $18 million, which he used to buy a Ferrari, Land Rover, and other luxury items.π Read
via "Krebs on Security".
Krebs on Security
$10M Is Yours If You Can Get This Guy to Leave Russia
The U.S. government this week put a $10 million bounty on the head of a Russian man who for the past 18 years operated Try2Check, one of the cybercrime underground's most trusted services for checking the validity of stolen creditβ¦
βΌ CVE-2023-30135 βΌ
π Read
via "National Vulnerability Database".
Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30090 βΌ
π Read
via "National Vulnerability Database".
Semcms Shop v4.2 was discovered to contain an arbitrary file uplaod vulnerability via the component SEMCMS_Upfile.php. This vulnerability allows attackers to execute arbitrary code via uploading a crafted PHP file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30122 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.π Read
via "National Vulnerability Database".