βΌ CVE-2023-35932 βΌ
π Read
via "National Vulnerability Database".
jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special payload that may lead to a command injection. The impact of a configuration injection may vary. Under some conditions, it may lead to command injection if there is for instance shell code execution from the configuration file values. This vulnerability does not currently have a fix.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3197 βΌ
π Read
via "National Vulnerability Database".
The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1721 βΌ
π Read
via "National Vulnerability Database".
Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.π Read
via "National Vulnerability Database".
β€1π1
βΌ CVE-2023-36612 βΌ
π Read
via "National Vulnerability Database".
Directory traversal can occur in the Basecamp com.basecamp.bc3 application before 4.2.1 for Android, which may allow an attacker to write arbitrary files in the application's private directory. Additionally, by using a malicious intent, the attacker may redirect the server's responses (containing sensitive information) to third-party applications by using a custom-crafted deeplink scheme.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36630 βΌ
π Read
via "National Vulnerability Database".
In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass.π Read
via "National Vulnerability Database".
βΌ CVE-2015-20109 βΌ
π Read
via "National Vulnerability Database".
end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36632 βΌ
π Read
via "National Vulnerability Database".
The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class.π Read
via "National Vulnerability Database".
π2
βΌ CVE-2023-36663 βΌ
π Read
via "National Vulnerability Database".
it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the sort parameter of the API interface.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36660 βΌ
π Read
via "National Vulnerability Database".
The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36664 βΌ
π Read
via "National Vulnerability Database".
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).π Read
via "National Vulnerability Database".
π΄ How Active Directory Bridging Extends Security Automation to Hybrid IT Environments π΄
π Read
via "Dark Reading".
AD bridging extends the reach of your AD domain to non-Windows systems, providing centralized security, single sign-on, and compliance.π Read
via "Dark Reading".
Dark Reading
How Active Directory Bridging Extends Security Automation to Hybrid IT Environments
AD bridging extends the reach of your AD domain to non-Windows systems, providing centralized security, single sign-on, and compliance.
π€1
βΌ CVE-2023-36675 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-29424 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Plainware ShiftController Employee Shift Scheduling plugin <=Γ 4.9.23 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28988 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Direct checkout, Add to cart redirect, Quick purchase button, Buy now button, Quick View button for WooCommerce plugin <=Γ 2.1.48 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29430 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CTHthemes TheRoof plugin <=Γ 1.0.3 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3398 βΌ
π Read
via "National Vulnerability Database".
Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3.π Read
via "National Vulnerability Database".
π΄ 3 Steps to Successfully & Ethically Navigate a Data Breach π΄
π Read
via "Dark Reading".
In this day of "not if, but when" for breaches, transparency and full disclosure are important to salvage a company's reputation and keep public trust.π Read
via "Dark Reading".
Dark Reading
3 Steps to Successfully & Ethically Navigate a Data Breach
In this day of "not if, but when" for breaches, transparency and full disclosure are important to salvage a company's reputation and keep public trust.
βΌ CVE-2023-29438 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Martin SimpleModal Contact Form (SMCF) plugin <=Γ 1.2.9 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36631 βΌ
π Read
via "National Vulnerability Database".
** DISPUTED ** Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is "this is intended behavior as the application can be locked using a password."π Read
via "National Vulnerability Database".
β Aussie PM says, βShut down your phone every 24 hours for 5 minsβ β but thatβs not enough on its own β
π Read
via "Naked Security".
Don't treat rebooting your phone once a day as a cybersecurity talisman... here are 8 additional tips for better mobile phone security.π Read
via "Naked Security".
β UK hacker busted in Spain gets 5 years over Twitter hack and more β
π Read
via "Naked Security".
Not just that infamous Twitter hack, but SIM-swapping, stalking and swatting too...π Read
via "Naked Security".
Naked Security
UK hacker busted in Spain gets 5 years over Twitter hack and more
Not just that infamous Twitter hack, but SIM-swapping, stalking and swatting tooβ¦