βΌ CVE-2023-25933 βΌ
π Read
via "National Vulnerability Database".
A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.π Read
via "National Vulnerability Database".
β S3 Ep135: Sysadmin by day, extortionist by night β
π Read
via "Naked Security".
Laugh (sufficiently), learn (efficiently), and then let us know what you think in our comments (anonymously, if you wish)...π Read
via "Naked Security".
Naked Security
S3 Ep135: Sysadmin by day, extortionist by night
Laugh (sufficiently), learn (efficiently), and then let us know what you think in our comments (anonymously, if you wish)β¦
β Appleβs secret is out: 3 zero-days fixed, so be sure to patch now! β
π Read
via "Naked Security".
All Apple users have zero-days that need patching, though some have more zero-days than others.π Read
via "Naked Security".
Naked Security
Appleβs secret is out: 3 zero-days fixed, so be sure to patch now!
All Apple users have zero-days that need patching, though some have more zero-days than others.
π₯1
βΌ CVE-2023-2704 βΌ
π Read
via "National Vulnerability Database".
The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28045 βΌ
π Read
via "National Vulnerability Database".
Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data vulnerability. An attacker with low privileges could potentially exploit this vulnerability, leading to gain access to unauthorized data.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33240 βΌ
π Read
via "National Vulnerability Database".
Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-2806 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is VDB-229411. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1618 βΌ
π Read
via "National Vulnerability Database".
Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all versions allows a remote unauthenticated attacker to bypass authentication and illegally log into the affected module by connecting to it via telnet which is hidden function and is enabled by default when shipped from the factory. As a result, a remote attacker with unauthorized login can reset the module, and if certain conditions are met, he/she can disclose or tamper with the module's configuration or rewrite the firmware.π Read
via "National Vulnerability Database".
π’ Inside the platform propping up the next generation of email crime π’
π Read
via "ITPro".
Cyber criminals are flocking to BulletProftLink for additional protections as business email compromise surges π Read
via "ITPro".
ITPro
Inside the platform propping up the next generation of email crime
Cyber criminals are flocking to BulletProftLink for additional protections as business email compromise surges
π’ ExtraHop now lets business leaders see how safely employees are using generative AI π’
π Read
via "ITPro".
The Reveal(x) platform now provides insights into potential data leaks to help protect against misuse of AI tools such as ChatGPT π Read
via "ITPro".
channelpro
ExtraHop now lets business leaders see how safely employees are using generative AI
The Reveal(x) platform now provides insights into potential data leaks to help protect against misuse of AI tools such as ChatGPT
π΄ Google Debuts Quality Ratings for Security Bug Disclosures π΄
π Read
via "Dark Reading".
New rules aim to level up the quality of submissions to Google and Android device Vulnerability Reward Program. π Read
via "Dark Reading".
Dark Reading
Google Debuts Quality Ratings for Security Bug Disclosures
New rules aim to level up the quality of submissions to Google and Android device Vulnerability Reward Program.
π΄ Keep Your Friends Close and Your Identity Closer π΄
π Read
via "Dark Reading".
As we share an increasing amount of personal information online, we create more opportunities for threat actors to steal our identities.π Read
via "Dark Reading".
Dark Reading
Keep Your Friends Close and Your Identity Closer
As we share an increasing amount of personal information online, we create more opportunities for threat actors to steal our identities.
β€1
βΌ CVE-2023-31756 βΌ
π Read
via "National Vulnerability Database".
A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions <= 0.1.0. 0.9.1 v5006.0 Build 220518 Rel.32480n which allows remote attackers, authenticated to the administrative web portal as an administrator user to open an operating system level shell via the 'X_TP_IfName' parameter.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2022-30114 βΌ
π Read
via "National Vulnerability Database".
A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482_FW_230_FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462_FW_261_DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26818 βΌ
π Read
via "National Vulnerability Database".
Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone ,or video recording via the DYLD_INSERT_LIBRARIES flag.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31862 βΌ
π Read
via "National Vulnerability Database".
jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the request package.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22878 βΌ
π Read
via "National Vulnerability Database".
IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28529 βΌ
π Read
via "National Vulnerability Database".
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251213.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47984 βΌ
π Read
via "National Vulnerability Database".
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243163.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2814 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in SourceCodester Class Scheduling System 1.0. Affected is an unknown function of the file /admin/save_teacher.php of the component POST Parameter Handler. The manipulation of the argument Academic_Rank leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229428.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2815 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in SourceCodester Online Jewelry Store 1.0. Affected by this vulnerability is an unknown functionality of the file supplier.php of the component POST Parameter Handler. The manipulation of the argument suppid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229429 was assigned to this vulnerability.π Read
via "National Vulnerability Database".