βΌ CVE-2023-33991 βΌ
π Read
via "National Vulnerability Database".
SAP UI5 Variant Management - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting (Stored XSS) vulnerability. After successful exploitation, an attacker with user level access can cause high impact on confidentiality, modify some information and can cause unavailability of the application at user level.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-33124 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a memory corruption vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33919 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2022-41327 βΌ
π Read
via "National Vulnerability Database".
A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30766 βΌ
π Read
via "National Vulnerability Database".
Hidden functionality issue exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78, KB-AHR08D versions prior to 91210.1.101106.78, KB-AHR16D versions prior to 91310.1.101106.78, KB-IRIP04A versions prior to 95110.1.100290.78A, KB-IRIP08A versions prior to 95210.1.100290.78A, and KB-IRIP16A versions prior to 95310.1.100290.78A.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29167 βΌ
π Read
via "National Vulnerability Database".
Out-of-bound reads vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed.π Read
via "National Vulnerability Database".
π’ Capita handed Β£50m London police contract weeks after losing pension data π’
π Read
via "ITPro".
The outsourcer will provide digital fraud reporting services after its cyber incident disclosure drew criticism π Read
via "ITPro".
ITPro
Capita handed Β£50m London police contract weeks after losing pension data
The outsourcer will provide digital fraud reporting services after its cyber incident disclosure drew criticism
π2
βΌ CVE-2023-3050 βΌ
π Read
via "National Vulnerability Database".
Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass.This issue affects Lockcell: before 15.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3049 βΌ
π Read
via "National Vulnerability Database".
Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection.This issue affects Lockcell: before 15.π Read
via "National Vulnerability Database".
π΄ Why Critical Infrastructure Remains a Ransomware Target π΄
π Read
via "Dark Reading".
While protecting critical infrastructure seems daunting, here are some critical steps the industry can take now to become more cyber resilient and mitigate risks.π Read
via "Dark Reading".
Dark Reading
Why Critical Infrastructure Remains a Ransomware Target
While protecting critical infrastructure seems daunting, here are some critical steps the industry can take now to become more cyber resilient and mitigate risks.
βΌ CVE-2023-33568 βΌ
π Read
via "National Vulnerability Database".
An issue in Dolibarr v16.0.0 to v16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35064 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Satos Satos Mobile allows SQL Injection through SOAP Parameter Tampering.This issue affects Satos Mobile: before 20230607.π Read
via "National Vulnerability Database".
β History revisited: US DOJ unseals Mt. Gox cybercrime charges β
π Read
via "Naked Security".
Though the mills of the Law grind slowly/Yet they grind exceeding small/Though with patience they stand waiting/With exactness grind they all...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Gozi banking malware βIT chiefβ finally jailed after more than 10 years β
π Read
via "Naked Security".
Gozi threesome from way back in the late 2000s and early 2010s now all charged, convicted and sentenced. The DOJ got there in the end...π Read
via "Naked Security".
Naked Security
Gozi banking malware βIT chiefβ finally jailed after more than 10 years
Gozi threesome from way back in the late 2000s and early 2010s now all charged, convicted and sentenced. The DOJ got there in the endβ¦
π΄ How Security Leaders Should Approach Cybersecurity Startups π΄
π Read
via "Dark Reading".
Vendors and buyers both have the power to make the industry a better place. What's needed is more collaboration, mutual support, and respect.π Read
via "Dark Reading".
Dark Reading
How Security Leaders Should Approach Cybersecurity Startups
Vendors and buyers both have the power to make the industry a better place. What's needed is more collaboration, mutual support, and respect.
π1
βΌ CVE-2022-31635 βΌ
π Read
via "National Vulnerability Database".
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33620 βΌ
π Read
via "National Vulnerability Database".
GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27836 βΌ
π Read
via "National Vulnerability Database".
TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34122 βΌ
π Read
via "National Vulnerability Database".
Improper input validation in the installer for Zoom for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3214 βΌ
π Read
via "National Vulnerability Database".
Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)π Read
via "National Vulnerability Database".
βοΈ Microsoft Patch Tuesday, June 2023 Edition βοΈ
π Read
via "Krebs on Security".
Microsoft Corp. today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. This month's relatively light patch load has another added bonus for system administrators everywhere: It appears to be the first Patch Tuesday since March 2022 that isn't marred by the active exploitation of a zero-day vulnerability in Microsoft's products.π Read
via "Krebs on Security".
Krebs on Security
Microsoft Patch Tuesday, June 2023 Edition
Microsoft Corp. today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. This month's relatively light patch load has another added bonus for system administrators everywhere: It appearsβ¦