βΌ CVE-2022-42336 βΌ
π Read
via "National Vulnerability Database".
Mishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors requires that the setting of SSBD is coordinated at a core level, as the setting is shared between threads. Logic was introduced to keep track of how many threads require SSBD active in order to coordinate it, such logic relies on using a per-core counter of threads that have SSBD active. When running on the mentioned hardware, it's possible for a guest to under or overflow the thread counter, because each write to VIRT_SPEC_CTRL.SSBD by the guest gets propagated to the helper that does the per-core active accounting. Underflowing the counter causes the value to get saturated, and thus attempts for guests running on the same core to set SSBD won't have effect because the hypervisor assumes it's already active.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1764 βΌ
π Read
via "National Vulnerability Database".
Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the communication of the software.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30452 βΌ
π Read
via "National Vulnerability Database".
The MoroSystems EasyMind - Mind Maps plugin before 2.15.0 for Confluence allows persistent XSS when saving a Mind Map with the hyperlink parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2608 βΌ
π Read
via "National Vulnerability Database".
The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to missing nonce verification on the projects_list function and insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries leading to resource exhaustion via a forged request granted they can trick an administrator into performing an action such as clicking on a link. Version 3.3.18 addresses the SQL Injection, which drastically reduced the severity.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1763 βΌ
π Read
via "National Vulnerability Database".
Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the software.π Read
via "National Vulnerability Database".
π’ JD Sports details cyber security revamp following January attack π’
π Read
via "ITPro".
It hopes a multi-vendor approach will substantially improve its cyber resilience π Read
via "ITPro".
ITPro
JD Sports details cyber security revamp following January attack
It hopes a multi-vendor approach will substantially improve its cyber resilience
βΌ CVE-2023-2469 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0864 βΌ
π Read
via "National Vulnerability Database".
Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2753 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2745 βΌ
π Read
via "National Vulnerability Database".
WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the Γ’β¬Λwp_langΓ’β¬β’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2752 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0863 βΌ
π Read
via "National Vulnerability Database".
Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2509 βΌ
π Read
via "National Vulnerability Database".
A Cross-Site Scripting(XSS) vulnerability was found on ADM, LooksGood and SoundsGood Apps. An attacker can exploit this vulnerability to inject malicious scripts into the target applications to access any cookies or sensitive information retained by the browser and used with that application. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below, LooksGood 2.0.0.R129 and below and SoundsGood 2.3.0.r1027 and below.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31208 βΌ
π Read
via "National Vulnerability Database".
Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users.π Read
via "National Vulnerability Database".
β€1
π’ US identifies and places $10 million bounty on LockBit, Hive ransomware kingpin π’
π Read
via "ITPro".
Mikhail Pavlovich Matveev was linked to specific ransomware attacks, including a 2021 raid on the DC police department π Read
via "ITPro".
ITPro
US identifies and places $10 million bounty on LockBit, Hive ransomware kingpin
Mikhail Pavlovich Matveev was linked to specific ransomware attacks, including a 2021 raid on the DC police department
βΌ CVE-2023-2756 βΌ
π Read
via "National Vulnerability Database".
SQL Injection in GitHub repository pimcore/customer-data-framework prior to 3.3.10.π Read
via "National Vulnerability Database".
π΄ Microsoft Digital Defense Report: Nation-State Threats and Cyber Mercenaries π΄
π Read
via "Dark Reading".
In part three of this three-part series, Microsoft dissects these twinned threats and what organizations can do to reduce or eliminate their risk.π Read
via "Dark Reading".
Dark Reading
Microsoft Digital Defense Report: Nation-State Threats and Cyber Mercenaries
In part three of this three-part series, Microsoft dissects these twinned threats and what organizations can do to reduce or eliminate their risk.
π1
π΄ I Was an RSAC Innovation Sandbox Judge β Here's What I Learned π΄
π Read
via "Dark Reading".
Three pieces of advice to startups serious about winning funding and support for their nascent companies: Articulate your key message clearly, have the founder speak, and don't use a canned demo.π Read
via "Dark Reading".
Dark Reading
I Was an RSAC Innovation Sandbox Judge β Here's What I Learned
Three pieces of advice to startups serious about winning funding and support for their nascent companies: Articulate your key message clearly, have the founder speak, and don't use a canned demo.
βΌ CVE-2023-31699 βΌ
π Read
via "National Vulnerability Database".
ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31702 βΌ
π Read
via "National Vulnerability Database".
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-31698 βΌ
π Read
via "National Vulnerability Database".
Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo.π Read
via "National Vulnerability Database".