‼ CVE-2023-30135 ‼
via "National Vulnerability Database".
Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function.
‼ CVE-2023-30090 ‼
via "National Vulnerability Database".
Semcms Shop v4.2 was discovered to contain an arbitrary file upload vulnerability via the component SEMCMS_Upfile.php. This vulnerability allows attackers to execute arbitrary code via uploading a crafted PHP file.
‼ CVE-2023-30122 ‼
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
‼ CVE-2023-2531 ‼
via "National Vulnerability Database".
Improper Restriction of Excessive Authentication Attempts in GitHub repository azuracast/azuracast prior to 0.18.3.
‼ CVE-2017-20183 ‼
via "National Vulnerability Database".
A vulnerability was found in External Media without Import Plugin up to 1.0.0 on WordPress. It has been declared as problematic. This vulnerability affects the function print_media_new_panel of the file external-media-without-import.php. The manipulation of the argument url/error/width/height/mime-type leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 9d2ecd159a6e2e3f710b4f1c28e2714f66502746. It is recommended to upgrade the affected component. VDB-227950 is the identifier assigned to this vulnerability.
📢 Why zero trust strategies fail 📢
via "ITPro".
Zero Trust is the gold standard for organizations in protecting systems from cyber attacks, but there are many common implementation pitfalls businesses must avoid
‼ CVE-2023-2535 ‼
via "National Vulnerability Database".
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
‼ CVE-2023-2540 ‼
via "National Vulnerability Database".
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
‼ CVE-2022-45048 ‼
via "National Vulnerability Database".
Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability. This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0.
‼ CVE-2021-40331 ‼
via "National Vulnerability Database".
An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled. This issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later.
‼ CVE-2023-2539 ‼
via "National Vulnerability Database".
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
‼ CVE-2023-32235 ‼
via "National Vulnerability Database".
Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.
‼ CVE-2023-2536 ‼
via "National Vulnerability Database".
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
‼ CVE-2023-28068 ‼
via "National Vulnerability Database".
Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a non-default path.
‼ CVE-2023-2537 ‼
via "National Vulnerability Database".
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
🔴 Google Expands Passkey Support with Passwordless Authentication 🔴
via "Dark Reading".
One year after Apple, Google and Microsoft pledged to support the FIDO Alliance’s passkeys standard, support is growing, though still early in adoption.
🔴 The (Security) Cost of Too Much Data Privacy 🔴
via "Dark Reading".
The online fraud prevention industry has taken the brunt of increased privacy actions.
🔴 2 Years After Colonial Pipeline, US Critical Infrastructure Still Not Ready for Ransomware 🔴
via "Dark Reading".
Sweeping changes implemented since the May 2021 cyberattack are helping -- but more work remains to be done, security experts say.
‼ CVE-2023-30242 ‼
via "National Vulnerability Database".
NS-ASG v6.3 was discovered to contain a SQL injection vulnerability via the component /admin/add_ikev2.php.
🔴 New White House AI Initiatives Include AI Software-Vetting Event at DEF CON 🔴
via "Dark Reading".
The Biden administration outlined its plans to ensure responsible AI development -- cyber-risk is a core element.
‼ CVE-2022-43919 ‼
via "National Vulnerability Database".
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. IBM X-Force ID: 241354.