CVE-2023-2899
via "National Vulnerability Database".
The Google Map Shortcode WordPress plugin through 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.
Decoding Identity and Access Management For Organizations and Consumers
via "Dark Reading".
Workforce IAM and consumer IAM are not interchangeable — they serve different purposes and constituencies.
US Investors Sniffing Around Blacklisted NSO Group Assets
via "Dark Reading".
Pressure mounts on the NSO Group's business viability as Khashoggi widow joins group of plaintiffs suing the Israeli firm for Pegasus spyware abuse.
Generative AI Has Its Risks, But the Sky Isn't Falling
via "Dark Reading".
The threat organizations face with GenAI is not new, but it could speed how quickly private data reaches a wider audience.
Name That Toon: Time to Spare?
via "Dark Reading".
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
CVE-2023-3316
via "National Vulnerability Database".
A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.
CVE-2023-34373
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <= 3.3.93 versions.
CVE-2023-35772
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alain Gonzalez Google Map Shortcode plugin <= 3.1.2 versions.
Consumer Data: The Risk and Reward for Manufacturing Companies
via "Dark Reading".
To adequately address privacy, manufacturers need to think differently about data.
Megaupload duo will go to prison at last, but Kim Dotcom fights on…
via "Naked Security".
One, sadly, has died, and two are heading to prison, but for Kim Dotcom, the saga goes on...
CVE-2022-48489
via "National Vulnerability Database".
Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability.
CVE-2023-34156
via "National Vulnerability Database".
Vulnerability of services denied by early fingerprint APIs on HarmonyOS products. Successful exploitation of this vulnerability may cause services to be denied.
CVE-2023-34162
via "National Vulnerability Database".
Version update determination vulnerability in the user profile module. Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail.
CVE-2023-34167
via "National Vulnerability Database".
Vulnerability of spoofing trustlists of Huawei desktop. Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
CVE-2023-3022
via "National Vulnerability Database".
A flaw was found in the IPv6 module of the Linux kernel. The arg.result was not used consistently in fib6_rule_lookup, sometimes holding rt6_info and other times fib6_info. This was not accounted for in other parts of the code where rt6_info was expected unconditionally, potentially leading to a kernel panic in fib6_rule_suppress.
CVE-2023-32659
via "National Vulnerability Database".
SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications.
CVE-2023-3320
via "National Vulnerability Database".
The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the ~/admin/views/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-26427
via "National Vulnerability Database".
Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known.
CVE-2023-3325
via "National Vulnerability Database".
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the '_cmsc_public_key' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation. This can only be exploited if the plugin has not been configured yet, however, if combined with another arbitrary plugin installation and activation vulnerability, the impact can be severe.
Researchers uncover novel RDStealer malware targeting remote desktop protocol
via "ITPro".
Bitdefender's experts said the level of disguise observed in this campaign “surpasses anything witnessed thus far”