βΌ CVE-2023-21141 βΌ
π Read
via "National Vulnerability Database".
In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-262244249π Read
via "National Vulnerability Database".
βΌ CVE-2023-21124 βΌ
π Read
via "National Vulnerability Database".
In run of multiple files, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-265798353π Read
via "National Vulnerability Database".
βΌ CVE-2023-29322 βΌ
π Read
via "National Vulnerability Database".
Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.π Read
via "National Vulnerability Database".
π΄ Vulcan Cyber Is a Launch Partner for Wiz Integrations (WIN) Platform π΄
π Read
via "Dark Reading".
Vulcan Connector for Wiz enables mutual customers to reduce cloud risk at scale.π Read
via "Dark Reading".
Dark Reading
Vulcan Cyber Is a Launch Partner for Wiz Integrations (WIN) Platform
Vulcan Connector for Wiz enables mutual customers to reduce cloud risk at scale.
π΄ Critical Barracuda ESG Zero-Day Linked to Novel Chinese APT π΄
π Read
via "Dark Reading".
A PRC-aligned actor used a trio of custom malware to take advantage of inherent weaknesses in edge appliances.π Read
via "Dark Reading".
Dark Reading
Critical Barracuda ESG Zero-Day Linked to Novel Chinese APT
A PRC-aligned actor used a trio of custom malware to take advantage of inherent weaknesses in edge appliances.
π΄ Coalition Releases Security Vulnerability Exploit Scoring System π΄
π Read
via "Dark Reading".
Coalition ESS uses AI to generate dynamic risk scores to help organizations mitigate their most critical risks faster.π Read
via "Dark Reading".
Dark Reading
Coalition Releases Security Vulnerability Exploit Scoring System
Coalition ESS uses AI to generate dynamic risk scores to help organizations mitigate their most critical risks faster.
π΄ Action1 Announces $20M Investment in Its Patch Management Platform π΄
π Read
via "Dark Reading".
The company aims to empower enterprises to securely manage their endpoints and remediate vulnerabilities from the cloud, enabling a work-from-anywhere environment with confidence.π Read
via "Dark Reading".
Dark Reading
Action1 Announces $20M Investment in Its Patch Management Platform
The company aims to empower enterprises to securely manage their endpoints and remediate vulnerabilities from the cloud, enabling a work-from-anywhere environment with confidence.
β MOVEit mayhem 3: βDisable HTTP and HTTPS traffic immediatelyβ β
π Read
via "Naked Security".
Twice more unto the breach... patch being tested, in the meantime, shut down web access.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2023-24032 βΌ
π Read
via "National Vulnerability Database".
In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE).π Read
via "National Vulnerability Database".
βΌ CVE-2023-33243 βΌ
π Read
via "National Vulnerability Database".
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database generally has become best practice to protect users' passwords in case of a database compromise, this is rendered ineffective when allowing to authenticate using the password hash.π Read
via "National Vulnerability Database".
π΄ How Do I Protect My API Keys From Appearing in GitHub Search Results? π΄
π Read
via "Dark Reading".
A few lines of code can help you prevent accidental exposure, manage sensitive information, and maintain different configurations for various environments.π Read
via "Dark Reading".
Dark Reading
How Do I Protect My API Keys From Appearing in Search Results?
A few lines of code can help you prevent accidental exposure, manage sensitive information, and maintain different configurations for various environments.
βΌ CVE-2023-28810 βΌ
π Read
via "National Vulnerability Database".
Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2080 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind SQL Injection.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-32025 βΌ
π Read
via "National Vulnerability Database".
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-29349 βΌ
π Read
via "National Vulnerability Database".
Microsoft ODBC and OLE DB Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-32027 βΌ
π Read
via "National Vulnerability Database".
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-34845 βΌ
π Read
via "National Vulnerability Database".
Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32026 βΌ
π Read
via "National Vulnerability Database".
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-3291 βΌ
π Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2788 βΌ
π Read
via "National Vulnerability Database".
Mattermost fails to check if an admin user account active after an oauth2 flow is started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an oauth2 access token while the attacker's account is deactivated.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34154 βΌ
π Read
via "National Vulnerability Database".
Vulnerability of undefined permissions in HUAWEI VR screen projection.Successful exploitation of this vulnerability will cause third-party apps to create windows in an arbitrary way, consuming system resources.π Read
via "National Vulnerability Database".