βΌ CVE-2023-34224 βΌ
π Read
via "National Vulnerability Database".
In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possibleπ Read
via "National Vulnerability Database".
βΌ CVE-2023-3014 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in BeipyVideoResolution up to 2.6. Affected is an unknown function of the file admin/admincore.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230358 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
π΄ New eID Scheme Gives EU Citizens Easy Access to Public Services Online π΄
π Read
via "Dark Reading".
The European Commission voted a new electronic identification scheme that creates new opportunities for EU citizens and businesses.π Read
via "Dark Reading".
Dark Reading
New eID Scheme Gives EU Citizens Easy Access to Public Services Online
The European Commission voted a new electronic identification scheme that creates new opportunities for EU citizens and businesses.
π΄ Checkmarx Announces GenAI-powered AppSec Platform, Empowering Developers and AppSec Teams to Find and Fix Vulnerabilities Faster π΄
π Read
via "Dark Reading".
Powered by GPT-4, innovative new AI-driven capabilities lower application security (AppSec) risk and help security teams "shift everywhere" with speed and accuracy.π Read
via "Dark Reading".
Dark Reading
Checkmarx Announces GenAI-powered AppSec Platform, Empowering Developers and AppSec Teams to Find and Fix Vulnerabilities Faster
Powered by GPT-4, innovative new AI-driven capabilities lower application security (AppSec) risk and help security teams "shift everywhere" with speed and accuracy.
β€1
β Serious Security: That KeePass βmaster password crackβ, and what we can learn from it β
π Read
via "Naked Security".
Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Don't panic.)π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2023-29747 βΌ
π Read
via "National Vulnerability Database".
Story Saver for Instragram - Video Downloader 1.0.6 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memory when the application is opened. Depending on how the data is used, this can result in various attack consequences, such as ad display exceptions.π Read
via "National Vulnerability Database".
π2
βΌ CVE-2023-3021 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-librarian-free prior to 5.10.4.π Read
via "National Vulnerability Database".
π΄ Ways to Help Cybersecurity's Essential Workers Avoid Burnout π΄
π Read
via "Dark Reading".
To support and retain the people who protect assets against bad actors, organizations should create a more defensible environment.π Read
via "Dark Reading".
Dark Reading
Ways to Help Cybersecurity's Essential Workers Avoid Burnout
To support and retain the people who protect assets against bad actors, organizations should create a more defensible environment.
π1
π΄ MacOS 'Migraine' Bug: Big Headache for Device System Integrity π΄
π Read
via "Dark Reading".
Microsoft says the vulnerability could allow cyberattackers with root access to bypass security protections and install malware.π Read
via "Dark Reading".
Dark Reading
MacOS 'Migraine' Bug: Big Headache for Device System Integrity
Microsoft says the vulnerability could allow cyberattackers with root access to bypass security protections and install malware.
βΌ CVE-2022-35746 βΌ
π Read
via "National Vulnerability Database".
Windows Digital Media Receiver Elevation of Privilege Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-33967 βΌ
π Read
via "National Vulnerability Database".
EaseProbe is a tool that can do health/status checking. An SQL injection issue was discovered in EaseProbe before 2.1.0 when using MySQL/PostgreSQL data checking. This problem has been fixed in v2.1.0.π Read
via "National Vulnerability Database".
π΄ Can Cloud Services Encourage Better Login Security? Netflix's Accidental Model π΄
π Read
via "Dark Reading".
Netflix's unpopular password-sharing policy change had a positive cybersecurity silver lining. Can more B2C service providers nudge their users toward secure authentication?π Read
via "Dark Reading".
Dark Reading
Can Cloud Services Encourage Better Login Security? Netflix's Accidental Model
Netflix's unpopular password-sharing policy change had a positive cybersecurity silver lining. Can more B2C service providers nudge their users toward secure authentication?
π΄ Yet Another Toyota Cloud Data Breach Jeopardizes Thousands of Customers π΄
π Read
via "Dark Reading".
The newly found misconfigured cloud services are discovered just two weeks after an initial data breach affecting millions came to light.π Read
via "Dark Reading".
Dark Reading
Yet Another Toyota Cloud Data Breach Jeopardizes Thousands of Customers
The newly found misconfigured cloud services are discovered just two weeks after an initial data breach affecting millions came to light.
βΌ CVE-2023-33627 βΌ
π Read
via "National Vulnerability Database".
H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateSnat interface at /goform/aspForm.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33732 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval.π Read
via "National Vulnerability Database".
β€2
βΌ CVE-2023-23954 βΌ
π Read
via "National Vulnerability Database".
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29159 βΌ
π Read
via "National Vulnerability Database".
Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.π Read
via "National Vulnerability Database".
βΌ CVE-2010-10010 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in Stars Alliance PsychoStats up to 3.2.2a. This affects an unknown part of the file upload/admin/login.php. The manipulation of the argument ref leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.2.2b is able to address this issue. The name of the patch is 5d3b7311fd5085ec6ea1b1bfa9a05285964e07e4. It is recommended to upgrade the affected component. The identifier VDB-230265 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4332 βΌ
π Read
via "National Vulnerability Database".
In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x aΓ vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus inject and execute arbitrary code and gain full access of the device.π Read
via "National Vulnerability Database".
π’ Barracuda network appliance vulnerability βactively exploitedβ for seven months π’
π Read
via "ITPro".
The company has issued a patch, but warned customers that the vulnerability left them exposed for over half a year π Read
via "ITPro".
ITPro
Barracuda network appliance vulnerability βactively exploitedβ for seven months
The company has issued a patch, but warned customers that the vulnerability left them exposed for over half a year
π’ Amazon's Ring agrees to $5.8m settlement over alleged use of its cameras to spy on female customers π’
π Read
via "ITPro".
The firm will also pay $25m for allegations Alexa stored child voice recordings indefinitely π Read
via "ITPro".
ITPro
Amazon's Ring agrees to $5.8m settlement over alleged use of its cameras to spy on female customers
The firm will also pay $25m for allegations Alexa stored child voice recordings indefinitely