‼ CVE-2023-29346 ‼
NTFS Elevation of Privilege Vulnerability
via "National Vulnerability Database".
‼ CVE-2023-32029 ‼
Microsoft Excel Remote Code Execution Vulnerability
via "National Vulnerability Database".
‼ CVE-2023-3203 ‼
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_limit_product function. This makes it possible for unauthenticated attackers to update limit the number of product per category to use cache data in home screen via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
via "National Vulnerability Database".
‼ CVE-2023-3229 ‼
Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0.
via "National Vulnerability Database".
‼ CVE-2022-47184 ‼
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: 8.0.0 to 9.2.0.
via "National Vulnerability Database".
📢 Dragos’ new partner program aims to turn resellers into OT experts 📢
The initiative will help partners fully manage customer deployments with Dragos’ ICS/OT security offerings
via "ITPro".
‼ CVE-2023-35144 ‼
Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability.
via "National Vulnerability Database".
‼ CVE-2023-35149 ‼
A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins.
via "National Vulnerability Database".
🔴 How Popular Messaging Tools Instill a False Sense of Security 🔴
It's time to include messaging tool security in your cloud security program. Good first steps include tightening filter parameters on Slack and Teams.
via "Dark Reading".
🔴 Microsoft Fixes 69 Bugs, but None Are Zero-Days 🔴
The June 2023 Patch Tuesday security update included fixes for a bypass for two previously addressed issues in Microsoft Exchange and a critical elevation of privilege flaw in SharePoint Server.
via "Dark Reading".
🔴 Fortinet: Patched Critical Flaw May Have Been Exploited 🔴
Users urged to apply updates to FortiOS SSL-VPN after attackers may have leveraged a recently discovered vulnerability in attacks against government, manufacturing, and critical infrastructure organizations.
via "Dark Reading".
‼ CVE-2023-34865 ‼
Directory traversal vulnerability in ujcms 6.0.2 allows attackers to move files via the rename feature.
via "National Vulnerability Database".
‼ CVE-2023-24936 ‼
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
via "National Vulnerability Database".
‼ CVE-2023-35110 ‼
An issue was discovered in jjson through 0.1.7 that allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies.
via "National Vulnerability Database".
🔴 Why Your SEG Could Be Your Email Security Achilles' Heel 🔴
As business email compromise attacks continue to grow and become increasingly sophisticated, is your secure email gateway providing sufficient protection?
via "Dark Reading".
🔴 Moving the Cyber Industry Forward Requires a Novel Approach 🔴
CISOs need to be better equipped with strategic metrics and proof points to better align their organization for defense against the ever-changing threat landscape.
via "Dark Reading".
‼ CVE-2023-0010 ‼
A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link.
via "National Vulnerability Database".
‼ CVE-2023-34868 ‼
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the parser_parse_for_statement_start at jerry-core/parser/js/js-parser-statm.c.
via "National Vulnerability Database".
‼ CVE-2023-2976 ‼
Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
via "National Vulnerability Database".
‼ CVE-2023-31671 ‼
PrestaShop postfinance <= 17.1.13 is vulnerable to SQL Injection via PostfinanceValidationModuleFrontController::postProcess().
via "National Vulnerability Database".
🔴 XSS Vulnerabilities Found in Microsoft Azure Cloud Services 🔴
Microsoft quickly issued patches for the two security issues, which could allow unauthorized access to cloud sessions.
via "Dark Reading".