βΌ CVE-2023-20126 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upgrade function. An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. A successful exploit could allow the attacker to execute arbitrary code on the affected device with full privileges. Cisco has not released firmware updates to address this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31414 βΌ
π Read
via "National Vulnerability Database".
Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process.π Read
via "National Vulnerability Database".
π΄ Autocrypt Releases Comprehensive Key Management Solution for Automotive Manufacturing π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Autocrypt Releases Comprehensive Key Management Solution for Automotive Manufacturing
SEOUL, South Korea, May 4, 2023 /PRNewswire/ -- Automotive cybersecurity and mobility solutions company AUTOCRYPT released a comprehensive key management solution dedicated to the automotive industry. "AutoCrypt KEY" enables OEMs and suppliers to efficientlyβ¦
π΄ Identifying Compromised Data Can Be a Logistical Nightmare π΄
π Read
via "Dark Reading".
Being able to trace an incident backwards from breach to data source is vital in restoring and improving cybersecurity.π Read
via "Dark Reading".
Dark Reading
Identifying Compromised Data Can Be a Logistical Nightmare
Being able to trace an incident backward from breach to data source is vital in restoring and improving cybersecurity.
βΌ CVE-2023-30093 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in Open Networking Foundation ONOS from version 1.9.0 until 2.7.0 allows attackers to execute arbitrary code via uploading a crafted YAML file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30282 βΌ
π Read
via "National Vulnerability Database".
PrestaShop scexportcustomers <= 3.6.1 is vulnerable to Incorrect Access Control. Due to a lack of permissions' control, a guest can access exports from the module which can lead to leak of personal information from customer table.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1894 βΌ
π Read
via "National Vulnerability Database".
A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations.π Read
via "National Vulnerability Database".
βοΈ $10M Is Yours If You Can Get This Guy to Leave Russia βοΈ
π Read
via "Krebs on Security".
The U.S. government this week put a $10 million bounty on the head of a Russian man who for the past 18 years operated Try2Check, one of the cybercrime underground's most trusted services for checking the validity of stolen credit card data. U.S. authorities say 43-year-old Denis Kulkov's card-checking service made him at least $18 million, which he used to buy a Ferrari, Land Rover, and other luxury items.π Read
via "Krebs on Security".
Krebs on Security
$10M Is Yours If You Can Get This Guy to Leave Russia
The U.S. government this week put a $10 million bounty on the head of a Russian man who for the past 18 years operated Try2Check, one of the cybercrime underground's most trusted services for checking the validity of stolen creditβ¦
βΌ CVE-2023-30135 βΌ
π Read
via "National Vulnerability Database".
Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30090 βΌ
π Read
via "National Vulnerability Database".
Semcms Shop v4.2 was discovered to contain an arbitrary file uplaod vulnerability via the component SEMCMS_Upfile.php. This vulnerability allows attackers to execute arbitrary code via uploading a crafted PHP file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30122 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2531 βΌ
π Read
via "National Vulnerability Database".
Improper Restriction of Excessive Authentication Attempts in GitHub repository azuracast/azuracast prior to 0.18.3.π Read
via "National Vulnerability Database".
βΌ CVE-2017-20183 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in External Media without Import Plugin up to 1.0.0 on WordPress. It has been declared as problematic. This vulnerability affects the function print_media_new_panel of the file external-media-without-import.php. The manipulation of the argument url/error/width/height/mime-type leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 9d2ecd159a6e2e3f710b4f1c28e2714f66502746. It is recommended to upgrade the affected component. VDB-227950 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
π’ Why zero trust strategies fail π’
π Read
via "ITPro".
Zero Trust is the gold standard for organizations in protecting systems from cyber attacks, but there are many common implementation pitfalls businesses must avoid π Read
via "ITPro".
ITPro
Why zero trust strategies fail
Zero Trust is the gold standard for organizations in protecting systems from cyber attacks, but there are many common implementation pitfalls businesses must avoid
βΌ CVE-2023-2535 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2540 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45048 βΌ
π Read
via "National Vulnerability Database".
Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability.Γ This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40331 βΌ
π Read
via "National Vulnerability Database".
An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabledThis issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2539 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32235 βΌ
π Read
via "National Vulnerability Database".
Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2536 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.π Read
via "National Vulnerability Database".