‼ CVE-2023-2631 ‼
📖 Read
via "National Vulnerability Database".
A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
‼ CVE-2023-30510 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remote authenticated users to issue arbitrary URL requests from the Aruba EdgeConnect Enterprise instance. The impact of this vulnerability is limited to a subset of URLs, which can result in the possible disclosure of data due to the network position of the Aruba EdgeConnect Enterprise instance.
‼ CVE-2023-2722 ‼
📖 Read
via "National Vulnerability Database".
Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
‼ CVE-2023-30508 ‼
📖 Read
via "National Vulnerability Database".
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
‼ CVE-2023-2195 ‼
📖 Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL.
‼ CVE-2023-2724 ‼
📖 Read
via "National Vulnerability Database".
Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
‼ CVE-2023-2721 ‼
📖 Read
via "National Vulnerability Database".
Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
‼ CVE-2023-30509 ‼
📖 Read
via "National Vulnerability Database".
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
‼ CVE-2023-2632 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
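The three Code Dx Plugin advisories above (CVE-2023-2631, CVE-2023-2195 and CVE-2023-2632) are the classic Jenkins plugin triad: a form-validation endpoint that makes an outbound connection without a permission check, the same endpoint reachable by GET so it is exposed to CSRF, and a credential stored as a plain String so it lands unencrypted in config.xml. The block below is an added illustration of the vulnerable shape next to the idiomatic fixes; it is not Code Dx Plugin code, and the class name, the `/api/ping` path and the `API-Key` header are assumptions chosen for the example.

```java
package example;

import hudson.Extension;
import hudson.model.AbstractProject;
import hudson.model.Item;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.FormValidation;
import hudson.util.Secret;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;

/** Hypothetical build step that talks to a remote code-analysis server. */
public class ExampleScanBuilder extends Builder {

    private final String serverUrl;

    // Fix for the CVE-2023-2632 class of bug: declare the credential as
    // hudson.util.Secret rather than String. Jenkins' XStream converter then
    // writes the encrypted form to the job's config.xml, so Item/Extended Read
    // or controller file-system access no longer yields the raw API key.
    private final Secret apiKey;

    @DataBoundConstructor
    public ExampleScanBuilder(String serverUrl, Secret apiKey) {
        this.serverUrl = serverUrl;
        this.apiKey = apiKey;
    }

    public String getServerUrl() { return serverUrl; }
    public Secret getApiKey() { return apiKey; }

    @Extension
    public static final class DescriptorImpl extends BuildStepDescriptor<Builder> {

        // Vulnerable shape (the pattern the advisories describe): reachable by
        // GET, no permission check, connects wherever the caller points it.
        //
        //   public FormValidation doTestConnection(@QueryParameter String serverUrl) {
        //       new URL(serverUrl).openConnection().getInputStream();
        //       return FormValidation.ok();
        //   }
        //
        // Anyone with Overall/Read can call it directly (CVE-2023-2631), and a
        // victim's browser can be made to call it via a GET link (CVE-2023-2195).

        @POST  // reject GET: a POST requires the CSRF crumb, closing the CSRF vector
        public FormValidation doTestConnection(@AncestorInPath Item item,
                                               @QueryParameter String serverUrl,
                                               @QueryParameter Secret apiKey) {
            // Require configure rights on the job (or Administer when invoked from
            // the global configuration) before doing anything on the caller's behalf.
            if (item == null) {
                Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            } else {
                item.checkPermission(Item.CONFIGURE);
            }

            try {
                URL target = new URL(serverUrl);
                if (!"https".equals(target.getProtocol())) {
                    return FormValidation.error("Server URL must use https");
                }
                // Hypothetical health endpoint on the remote server.
                HttpURLConnection conn =
                        (HttpURLConnection) new URL(target, "/api/ping").openConnection();
                conn.setConnectTimeout(5_000);
                conn.setReadTimeout(5_000);
                // Secret.toString(Secret) unwraps the plaintext only at the point of use.
                conn.setRequestProperty("API-Key", Secret.toString(apiKey));
                int status = conn.getResponseCode();
                return status == 200
                        ? FormValidation.ok("Connected")
                        : FormValidation.error("Server returned HTTP " + status);
            } catch (IOException e) {
                return FormValidation.error(e, "Connection failed");
            }
        }

        @Override
        public boolean isApplicable(Class<? extends AbstractProject> jobType) {
            return true;
        }

        @Override
        public String getDisplayName() { return "Example scan"; }
    }
}
```

The permission check is the part that actually closes CVE-2023-2631: `@POST` alone stops cross-site requests but still lets any authenticated low-privilege user drive the connection themselves, and the `Secret` field type is what keeps the key out of plaintext on disk regardless of who can read config.xml.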
‼ CVE-2023-30503 ‼
📖 Read
via "National Vulnerability Database".
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as root on the underlying operating system, leading to complete system compromise.
‼ CVE-2023-30505 ‼
📖 Read
via "National Vulnerability Database".
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as root on the underlying operating system, leading to complete system compromise.
🕴 XM Cyber Announces Partnership With SAP to Deliver Robust Security for Hybrid Environments 🕴
📖 Read
via "Dark Reading".
Partnership will provide SAP customers with comprehensive exposure management capabilities and in-depth visibility of attack surfaces.
🕴 Attackers Target macOS With 'Geacon' Cobalt Strike Tool 🕴
📖 Read
via "Dark Reading".
Threat actors seen using Go-language implementation of the red-teaming tool on Intel and Apple silicon-based macOS systems.
♟️ Russian Hacker “Wazawaka” Indicted for Ransomware ♟️
📖 Read
via "Krebs on Security".
A Russian man identified by KrebsOnSecurity in January 2022 as a prolific and vocal member of several top ransomware groups was the subject of two indictments unsealed by the Justice Department today. U.S. prosecutors say Mikhail Pavlovich Matveev, a.k.a. "Wazawaka" and "Boriselcin", worked with three different ransomware gangs that extorted hundreds of millions of dollars from companies, schools, hospitals and government agencies.
‼ CVE-2023-30189 ‼
📖 Read
via "National Vulnerability Database".
Prestashop posstaticblocks <= 1.0.0 is vulnerable to SQL Injection via posstaticblocks::getPosCurrentHook().
‼ CVE-2023-29927 ‼
📖 Read
via "National Vulnerability Database".
Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connection strings being used by Sage 300 and interact directly with the underlying database(s) to create, update, and delete all company records, bypassing the program's role-based access controls.
‼ CVE-2021-27131 ‼
📖 Read
via "National Vulnerability Database".
Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to improper input sanitization of the "Additional HTML Section" via the "Header and Footer" parameter in /admin/settings.php. This vulnerability allows an attacker to steal admin and all user account cookies by storing a malicious XSS payload in Header and Footer.
‼ CVE-2023-31544 ‼
📖 Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module.
‼ CVE-2023-30281 ‼
📖 Read
via "National Vulnerability Database".
Insecure permissions in the ps_customer table of Prestashop scquickaccounting before v3.7.3 allow attackers to access sensitive information stored in the component.
‼ CVE-2023-27742 ‼
📖 Read
via "National Vulnerability Database".
IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login.
🕴 Unpatched Wemo Smart Plug Bug Opens Countless Networks to Cyberattacks 🕴
📖 Read
via "Dark Reading".
Cyberattackers can easily exploit a command-injection bug in the popular device, but Belkin has no plans to address the security vulnerability.