βΌ CVE-2023-30093 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in Open Networking Foundation ONOS from version 1.9.0 until 2.7.0 allows attackers to execute arbitrary code via uploading a crafted YAML file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30282 βΌ
π Read
via "National Vulnerability Database".
PrestaShop scexportcustomers <= 3.6.1 is vulnerable to Incorrect Access Control. Due to a lack of permissions' control, a guest can access exports from the module which can lead to leak of personal information from customer table.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1894 βΌ
π Read
via "National Vulnerability Database".
A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations.π Read
via "National Vulnerability Database".
βοΈ $10M Is Yours If You Can Get This Guy to Leave Russia βοΈ
π Read
via "Krebs on Security".
The U.S. government this week put a $10 million bounty on the head of a Russian man who for the past 18 years operated Try2Check, one of the cybercrime underground's most trusted services for checking the validity of stolen credit card data. U.S. authorities say 43-year-old Denis Kulkov's card-checking service made him at least $18 million, which he used to buy a Ferrari, Land Rover, and other luxury items.π Read
via "Krebs on Security".
Krebs on Security
$10M Is Yours If You Can Get This Guy to Leave Russia
The U.S. government this week put a $10 million bounty on the head of a Russian man who for the past 18 years operated Try2Check, one of the cybercrime underground's most trusted services for checking the validity of stolen creditβ¦
βΌ CVE-2023-30135 βΌ
π Read
via "National Vulnerability Database".
Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30090 βΌ
π Read
via "National Vulnerability Database".
Semcms Shop v4.2 was discovered to contain an arbitrary file uplaod vulnerability via the component SEMCMS_Upfile.php. This vulnerability allows attackers to execute arbitrary code via uploading a crafted PHP file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30122 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2531 βΌ
π Read
via "National Vulnerability Database".
Improper Restriction of Excessive Authentication Attempts in GitHub repository azuracast/azuracast prior to 0.18.3.π Read
via "National Vulnerability Database".
βΌ CVE-2017-20183 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in External Media without Import Plugin up to 1.0.0 on WordPress. It has been declared as problematic. This vulnerability affects the function print_media_new_panel of the file external-media-without-import.php. The manipulation of the argument url/error/width/height/mime-type leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 9d2ecd159a6e2e3f710b4f1c28e2714f66502746. It is recommended to upgrade the affected component. VDB-227950 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
π’ Why zero trust strategies fail π’
π Read
via "ITPro".
Zero Trust is the gold standard for organizations in protecting systems from cyber attacks, but there are many common implementation pitfalls businesses must avoid π Read
via "ITPro".
ITPro
Why zero trust strategies fail
Zero Trust is the gold standard for organizations in protecting systems from cyber attacks, but there are many common implementation pitfalls businesses must avoid
βΌ CVE-2023-2535 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2540 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45048 βΌ
π Read
via "National Vulnerability Database".
Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability.Γ This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40331 βΌ
π Read
via "National Vulnerability Database".
An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabledThis issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2539 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32235 βΌ
π Read
via "National Vulnerability Database".
Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2536 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28068 βΌ
π Read
via "National Vulnerability Database".
Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a non-default pathπ Read
via "National Vulnerability Database".
βΌ CVE-2023-2537 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.π Read
via "National Vulnerability Database".
π΄ Google Expands Passkey Support with Passwordless Authentication π΄
π Read
via "Dark Reading".
One year after Apple, Google and Microsoft pledged to support the FIDO Allianceβs passkeys standard, support is growing, though still early in adoption.π Read
via "Dark Reading".
Dark Reading
Google Expands Passkey Support With Passwordless Authentication
One year after Apple, Google and Microsoft pledged to support the FIDO Allianceβs passkeys standard, support is growing, though still early in adoption.
π΄ The (Security) Cost of Too Much Data Privacy π΄
π Read
via "Dark Reading".
The online fraud prevention industry has taken the brunt of increased privacy actions.π Read
via "Dark Reading".
Dark Reading
The (Security) Cost of Too Much Data Privacy
The online fraud prevention industry has taken the brunt of increased privacy actions.