βΌ CVE-2023-35844 βΌ
π Read
via "National Vulnerability Database".
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34642 βΌ
π Read
via "National Vulnerability Database".
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker() which can then be used to open an unprivileged command prompt.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32201 βΌ
π Read
via "National Vulnerability Database".
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32273.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34603 βΌ
π Read
via "National Vulnerability Database".
JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32542 βΌ
π Read
via "National Vulnerability Database".
Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.π Read
via "National Vulnerability Database".
π’ Anonymous Sudan: Who are the hackers behind Microsoftβs cloud outages? π’
π Read
via "ITPro".
The highly aggressive βhacktivistβ group is thought to have links to the pro-Russian Killnet hacker collective π Read
via "ITPro".
Cloud Pro
Anonymous Sudan: Who are the hackers behind Microsoftβs cloud outages?
The highly aggressive βhacktivistβ group is thought to have links to the pro-Russian Killnet hacker collective
βΌ CVE-2023-2805 βΌ
π Read
via "National Vulnerability Database".
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25733 βΌ
π Read
via "National Vulnerability Database".
The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potentially lead to a null pointer dereference. This vulnerability affects Firefox < 110.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25747 βΌ
π Read
via "National Vulnerability Database".
A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30.*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 110.1.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2899 βΌ
π Read
via "National Vulnerability Database".
The Google Map Shortcode WordPress plugin through 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as adminπ Read
via "National Vulnerability Database".
π΄ Decoding Identity and Access Management For Organizations and Consumers π΄
π Read
via "Dark Reading".
Workforce IAM and consumer IAM are not interchangeable β they serve different purposes and constituencies.π Read
via "Dark Reading".
Dark Reading
Decoding Identity and Access Management for Organizations and Consumers
Workforce IAM and consumer IAM are not interchangeable β they serve different purposes and constituencies.
π΄ US Investors Sniffing Around Blacklisted NSO Group Assets π΄
π Read
via "Dark Reading".
Pressure mounts on the NSO Group's business viability as Khashoggi widow joins group of plaintiffs suing the Israeli firm for Pegasus spyware abuse.π Read
via "Dark Reading".
Dark Reading
US Investors Sniffing Around Blacklisted NSO Group Assets
Pressure mounts on the NSO Group's business viability as Khashoggi widow joins group of plaintiffs suing the Israeli firm for Pegasus spyware abuse.
β€1
π΄ Generative AI Has Its Risks, But the Sky Isn't Falling π΄
π Read
via "Dark Reading".
The threat organizations face with GenAI is not new, but it could speed how quickly private data reaches a wider audience.π Read
via "Dark Reading".
Dark Reading
Generative AI Has Its Risks, but the Sky Isn't Falling
The threat organizations face with GenAI is not new, but it could speed how quickly private data reaches a wider audience.
π΄ Name That Toon: Time to Spare? π΄
π Read
via "Dark Reading".
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.π Read
via "Dark Reading".
Dark Reading
Name That Toon: Time to Spare?
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
βΌ CVE-2023-3316 βΌ
π Read
via "National Vulnerability Database".
A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34373 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <=Γ 3.3.93 versions.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-35772 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alain Gonzalez Google Map Shortcode plugin <=Γ 3.1.2 versions.π Read
via "National Vulnerability Database".
π΄ Consumer Data: The Risk and Reward for Manufacturing Companies π΄
π Read
via "Dark Reading".
To adequately address privacy, manufacturers need to think differently about data.π Read
via "Dark Reading".
Dark Reading
Consumer Data: The Risk and Reward for Manufacturing Companies
To adequately address privacy, manufacturers need to think differently about data.
β Megaupload duo will go to prison at last, but Kim Dotcom fights onβ¦ β
π Read
via "Naked Security".
One, sadly, has died, and two are heading to prison, but for Kim Dotcom, the saga goes on...π Read
via "Naked Security".
Naked Security
Megaupload duo will go to prison at last, but Kim Dotcom fights onβ¦
One, sadly, has died, and two are heading to prison, but for Kim Dotcom, the saga goes onβ¦
βΌ CVE-2022-48489 βΌ
π Read
via "National Vulnerability Database".
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34156 βΌ
π Read
via "National Vulnerability Database".
Vulnerability of services denied by early fingerprint APIs on HarmonyOS products.Successful exploitation of this vulnerability may cause services to be denied.π Read
via "National Vulnerability Database".