π΄ Getting Over the DNS Security Awareness Gap π΄
π Read
via "Dark Reading".
To properly secure DNS infrastructure, organizations need strong security hygiene around DNS infrastructure and records management as well as closely monitoring and filtering DNS traffic.π Read
via "Dark Reading".
Dark Reading
Getting Over the DNS Security Awareness Gap
To properly secure DNS infrastructure, organizations need strong security hygiene and records management, as well as DNS traffic monitoring and filtering.
βΌ CVE-2023-35790 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an infinite loop.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-33438 βΌ
π Read
via "National Vulnerability Database".
A stored Cross-site scripting (XSS) vulnerability in Wolters Kluwer TeamMate+ 35.0.11.0 allows remote attackers to inject arbitrary web script or HTML.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-34459 βΌ
π Read
via "National Vulnerability Database".
OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the `verifyMultiProof`, `verifyMultiProofCalldata`, `procesprocessMultiProof`, or `processMultiProofCalldat` functions are in use, it is possible to construct merkle trees that allow forging a valid multiproof for an arbitrary set of leaves.A contract may be vulnerable if it uses multiproofs for verification and the merkle tree that is processed includes a node with value 0 at depth 1 (just under the root). This could happen inadvertedly for balanced trees with 3 leaves or less, if the leaves are not hashed. This could happen deliberately if a malicious tree builder includes such a node in the tree.A contract is not vulnerable if it uses single-leaf proving (`verify`, `verifyCalldata`, `processProof`, or `processProofCalldata`), or if it uses multiproofs with a known tree that has hashed leaves. Standard merkle trees produced or validated with the @openzeppelin/merkle-tree library are safe.The problem has been patched in version 4.9.2.Some workarounds are available. For those using multiproofs: When constructing merkle trees hash the leaves and do not insert empty nodes in your trees. Using the @openzeppelin/merkle-tree package eliminates this issue. Do not accept user-provided merkle roots without reconstructing at least the first level of the tree. Verify the merkle tree structure by reconstructing it from the leaves.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28287 βΌ
π Read
via "National Vulnerability Database".
Microsoft Publisher Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-35811 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privileges can use used for exploitation. Editions other than Enterprise are also affected.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-35810 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module because of missing input validation. Admin user privileges are required to exploit this vulnerability. Editions other than Enterprise are also affected.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3308 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8. Affected is an unknown function of the component Aviator Template Engine. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231804.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3305 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in C-DATA Web Management System up to 20230607. It has been classified as critical. This affects an unknown part of the file /cgi-bin/jumpto.php?class=user&page=config_save&isphp=1 of the component User Creation Handler. The manipulation of the argument user/newpassword leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231801 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3309 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file ?page=rooms of the component Manage Room Page. The manipulation of the argument Cottage Number leads to cross site scripting. The attack can be launched remotely. The identifier VDB-231805 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-3311 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in SourceCodester Advance Charity Management System 1.0. This affects an unknown part of the file addsuppliers.php. The manipulation of the argument First name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-231807.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35825 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel before 6.3.4. A use-after-free was found in r592_remove in drivers/memstick/host/r592.c.π Read
via "National Vulnerability Database".
β€2
βΌ CVE-2023-35827 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35852 βΌ
π Read
via "National Vulnerability Database".
In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-35844 βΌ
π Read
via "National Vulnerability Database".
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34642 βΌ
π Read
via "National Vulnerability Database".
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker() which can then be used to open an unprivileged command prompt.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32201 βΌ
π Read
via "National Vulnerability Database".
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32273.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34603 βΌ
π Read
via "National Vulnerability Database".
JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32542 βΌ
π Read
via "National Vulnerability Database".
Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.π Read
via "National Vulnerability Database".
π’ Anonymous Sudan: Who are the hackers behind Microsoftβs cloud outages? π’
π Read
via "ITPro".
The highly aggressive βhacktivistβ group is thought to have links to the pro-Russian Killnet hacker collective π Read
via "ITPro".
Cloud Pro
Anonymous Sudan: Who are the hackers behind Microsoftβs cloud outages?
The highly aggressive βhacktivistβ group is thought to have links to the pro-Russian Killnet hacker collective
βΌ CVE-2023-2805 βΌ
π Read
via "National Vulnerability Database".
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.π Read
via "National Vulnerability Database".