Making Sure Lost Data Stays Lost
via "Dark Reading".
Retired hardware and forgotten cloud virtual machines are a trove of insecure confidential data. Here's how to ameliorate that weakness.
An Analyst View of XM Cyber's Acquisition of Confluera
via "Dark Reading".
The deal will enhance the capabilities of both companies and provide customers with a more comprehensive way to protect their digital assets.
CVE-2023-2457
via "National Vulnerability Database".
Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker to potentially exploit heap corruption via crafted audio file. (Chromium security severity: High)
CVE-2023-32306
via "National Vulnerability Database".
Time Tracker is an open source time tracking system. A time-based blind injection vulnerability existed in Time Tracker reports in versions prior to 1.22.13.5792. This was happening because the `reports.php` page was not validating all parameters in POST requests. Because some parameters were not checked, it was possible to craft POST requests with malicious SQL for the Time Tracker database. This issue is fixed in version 1.22.13.5792. As a workaround, use the fixed code in `ttReportHelper.class.php` from version 1.22.13.5792.
CVE-2023-32305
via "National Vulnerability Database".
aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the aiven-extras extension. A low privileged user can create objects that collide with existing function names, which will then be executed instead. Exploiting this vulnerability could allow a low privileged user to acquire `superuser` privileges, which would allow full, unrestricted access to all data and database functions, and could lead to arbitrary code execution or data access on the underlying host as the `postgres` user. The issue has been patched as of version 1.1.9.
CVE-2023-30247
via "National Vulnerability Database".
File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter.
CVE-2023-25927
via "National Vulnerability Database".
IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests, resulting in loss of access to the system. IBM X-Force ID: 247635.
CVE-2023-27863
via "National Vulnerability Database".
IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. IBM X-Force ID: 249325.
CVE-2023-2458
via "National Vulnerability Database".
Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: High)
WordPress Plugin Used in 1M+ Websites Patched to Close Critical Bug
via "Dark Reading".
The privilege escalation flaw is one in thousands that researchers have disclosed in recent years.
CVE-2023-20880
via "National Vulnerability Database".
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
CVE-2023-25005
via "National Vulnerability Database".
A maliciously crafted DLL file can force Autodesk InfraWorks 2023 and 2021 to read beyond allocated boundaries when parsing DLL files, which could lead to a resource injection vulnerability.
CVE-2023-20878
via "National Vulnerability Database".
VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system.
CVE-2023-20879
via "National Vulnerability Database".
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.
CVE-2023-20877
via "National Vulnerability Database".
VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.
CVE-2023-25008
via "National Vulnerability Database".
A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds read vulnerability which could result in code execution.
CVE-2023-2088
via "National Vulnerability Database".
A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.
CVE-2023-25006
via "National Vulnerability Database".
A malicious actor may convince a user to open a malicious USD file that may trigger a use-after-free vulnerability which could result in code execution.
CVE-2023-25007
via "National Vulnerability Database".
A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution.
CVE-2023-25009
via "National Vulnerability Database".
A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds write vulnerability which could result in code execution.
CVE-2023-32303
via "National Vulnerability Database".
Planet is software that provides satellite data. The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but before version 2.0.1, its permissions allowed the user's group and non-group to read the file as well. This issue was patched in version 2.0.1. As a workaround, set the secret file permissions to only user read/write by hand.