βΌ CVE-2023-24032 βΌ
π Read
via "National Vulnerability Database".
In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE).π Read
via "National Vulnerability Database".
βΌ CVE-2023-33243 βΌ
π Read
via "National Vulnerability Database".
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database generally has become best practice to protect users' passwords in case of a database compromise, this is rendered ineffective when allowing to authenticate using the password hash.π Read
via "National Vulnerability Database".
π΄ How Do I Protect My API Keys From Appearing in GitHub Search Results? π΄
π Read
via "Dark Reading".
A few lines of code can help you prevent accidental exposure, manage sensitive information, and maintain different configurations for various environments.π Read
via "Dark Reading".
Dark Reading
How Do I Protect My API Keys From Appearing in Search Results?
A few lines of code can help you prevent accidental exposure, manage sensitive information, and maintain different configurations for various environments.
βΌ CVE-2023-28810 βΌ
π Read
via "National Vulnerability Database".
Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2080 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind SQL Injection.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-32025 βΌ
π Read
via "National Vulnerability Database".
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-29349 βΌ
π Read
via "National Vulnerability Database".
Microsoft ODBC and OLE DB Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-32027 βΌ
π Read
via "National Vulnerability Database".
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-34845 βΌ
π Read
via "National Vulnerability Database".
Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32026 βΌ
π Read
via "National Vulnerability Database".
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-3291 βΌ
π Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2788 βΌ
π Read
via "National Vulnerability Database".
Mattermost fails to check if an admin user account active after an oauth2 flow is started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an oauth2 access token while the attacker's account is deactivated.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34154 βΌ
π Read
via "National Vulnerability Database".
Vulnerability of undefined permissions in HUAWEI VR screen projection.Successful exploitation of this vulnerability will cause third-party apps to create windows in an arbitrary way, consuming system resources.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2786 βΌ
π Read
via "National Vulnerability Database".
Mattermost fails to properly check theΓ permissions when executing commands allowing a member with no permissionsΓ to post a message in a channel to actually post it by executing channel commands.π Read
via "National Vulnerability Database".
π’ Latest arrest places LockBit firmly in the crosshairs of international cyber police π’
π Read
via "ITPro".
The threat group could be set for a fate reminiscent of REvil π Read
via "ITPro".
ITPro
Latest arrest places LockBit firmly in the crosshairs of international cyber police
The threat group could be set for a fate reminiscent of REvil
βΌ CVE-2023-2785 βΌ
π Read
via "National Vulnerability Database".
Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation ofΓ large log filesπ Read
via "National Vulnerability Database".
βΌ CVE-2023-2793 βΌ
π Read
via "National Vulnerability Database".
Mattermost fails to validate links on external websites when constructing a preview for a linked website, allowing an attacker to cause a denial-of-service by a linking to a specially crafted webpage in a message.π Read
via "National Vulnerability Database".
π1
π΄ HashiCorp Expands PAM, Secrets Management Capabilities π΄
π Read
via "Dark Reading".
The new privileged access management and secrets management capabilities tackles access issues and secret sprawl across the cloud environment.π Read
via "Dark Reading".
Dark Reading
HashiCorp Expands PAM, Secrets Management Capabilities
The new privileged access management and secrets management capabilities tackles access issues and secret sprawl across the cloud environment.
π΄ Cybercrime Doesn't Take a Vacation π΄
π Read
via "Dark Reading".
Organizations need to prepare for security threats as summer holidays approach.π Read
via "Dark Reading".
Dark Reading
Cybercrime Doesn't Take a Vacation
Organizations need to prepare for security threats as summer holidays approach.
βΌ CVE-2023-26537 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nicolly WP No External Links plugin <=Γ 1.0.2 versions.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-26527 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPIndeed Debug Assistant plugin <=Γ 1.4 versions.π Read
via "National Vulnerability Database".
β€2