‼ CVE-2023-34345 ‼
📖 Read
via "National Vulnerability Database".
AMI BMC contains a vulnerability in the SPX REST API, where anattacker with the required privileges can access arbitrary files, which maylead to information disclosure.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2023-28933 ‼
📖 Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StPeteDesign Call Now Accessibility Button plugin <=Â 1.1 versions.📖 Read
via "National Vulnerability Database".
❤1
🕴 10 Important Security Tasks You Shouldn't Skip 🕴
📖 Read
via "Dark Reading".
Time and money are valuable and finite, but some actions are well worth spending those resources on.📖 Read
via "Dark Reading".
Dark Reading
10 Important Security Tasks You Shouldn't Skip
Time and money are valuable and finite, but some actions are well worth spending those resources on.
‼ CVE-2023-2568 ‼
📖 Read
via "National Vulnerability Database".
The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34334 ‼
📖 Read
via "National Vulnerability Database".
AMI BMC contains a vulnerability in the SPX REST API, where anattacker with the required privileges can inject arbitrary shell commands,which may lead to code execution, denial of service, information disclosure, ordata tampering. 📖 Read
via "National Vulnerability Database".
❤1
🕴 Use of Multifactor Authentication (MFA) Nearly Doubles Since 2020, Okta Secure Sign-in Trends Reports Finds 🕴
📖 Read
via "Dark Reading".
Okta platform data-based study finds FastPass and WebAuthn offer far stronger security and faster, more reliable user experiences.📖 Read
via "Dark Reading".
Dark Reading
Use of Multifactor Authentication (MFA) Nearly Doubles Since 2020, Okta Secure Sign-in Trends Report Finds
Okta platform data-based study finds FastPass and WebAuthn offer far stronger security and faster, more reliable user experiences.
‼ CVE-2023-3161 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-33624 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-31472. Reason: This record is a reservation duplicate of CVE-2023-31472. Notes: All CVE users should reference CVE-2023-31472 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.📖 Read
via "National Vulnerability Database".
🕴 Researchers Report First Instance of Automated SaaS Ransomware Extortion 🕴
📖 Read
via "Dark Reading".
The attack highlights growing interest among threat actors to target data from software-as-a-service providers.📖 Read
via "Dark Reading".
Dark Reading
Researchers Report First Instance of Automated SaaS Ransomware Extortion
The attack highlights growing interest among threat actors to target data from software-as-a-service providers.
‼ CVE-2023-26297 ‼
📖 Read
via "National Vulnerability Database".
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26298 ‼
📖 Read
via "National Vulnerability Database".
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2277 ‼
📖 Read
via "National Vulnerability Database".
The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the 'insert' function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2023-33991 ‼
📖 Read
via "National Vulnerability Database".
SAP UI5 Variant Management - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting (Stored XSS) vulnerability. After successful exploitation, an attacker with user level access can cause high impact on confidentiality, modify some information and can cause unavailability of the application at user level.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2023-33124 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a memory corruption vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-33919 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2022-41327 ‼
📖 Read
via "National Vulnerability Database".
A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-30766 ‼
📖 Read
via "National Vulnerability Database".
Hidden functionality issue exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78, KB-AHR08D versions prior to 91210.1.101106.78, KB-AHR16D versions prior to 91310.1.101106.78, KB-IRIP04A versions prior to 95110.1.100290.78A, KB-IRIP08A versions prior to 95210.1.100290.78A, and KB-IRIP16A versions prior to 95310.1.100290.78A.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29167 ‼
📖 Read
via "National Vulnerability Database".
Out-of-bound reads vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed.📖 Read
via "National Vulnerability Database".
📢 Capita handed £50m London police contract weeks after losing pension data 📢
📖 Read
via "ITPro".
The outsourcer will provide digital fraud reporting services after its cyber incident disclosure drew criticism 📖 Read
via "ITPro".
ITPro
Capita handed £50m London police contract weeks after losing pension data
The outsourcer will provide digital fraud reporting services after its cyber incident disclosure drew criticism
👍2
‼ CVE-2023-3050 ‼
📖 Read
via "National Vulnerability Database".
Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass.This issue affects Lockcell: before 15.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3049 ‼
📖 Read
via "National Vulnerability Database".
Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection.This issue affects Lockcell: before 15.📖 Read
via "National Vulnerability Database".