CVE-2023-36630
In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass.
via "National Vulnerability Database".
CVE-2015-20109
end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue.
via "National Vulnerability Database".
CVE-2023-36632
The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class.
via "National Vulnerability Database".
CVE-2023-36663
it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the sort parameter of the API interface.
via "National Vulnerability Database".
CVE-2023-36660
The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption.
via "National Vulnerability Database".
CVE-2023-36664
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
via "National Vulnerability Database".
How Active Directory Bridging Extends Security Automation to Hybrid IT Environments
AD bridging extends the reach of your AD domain to non-Windows systems, providing centralized security, single sign-on, and compliance.
via "Dark Reading".
CVE-2023-36675
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.
via "National Vulnerability Database".
CVE-2023-29424
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Plainware ShiftController Employee Shift Scheduling plugin <= 4.9.23 versions.
via "National Vulnerability Database".
CVE-2023-28988
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Direct checkout, Add to cart redirect, Quick purchase button, Buy now button, Quick View button for WooCommerce plugin <= 2.1.48 versions.
via "National Vulnerability Database".
CVE-2023-29430
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CTHthemes TheRoof plugin <= 1.0.3 versions.
via "National Vulnerability Database".
CVE-2023-3398
Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3.
via "National Vulnerability Database".
3 Steps to Successfully & Ethically Navigate a Data Breach
In this day of "not if, but when" for breaches, transparency and full disclosure are important to salvage a company's reputation and keep public trust.
via "Dark Reading".
CVE-2023-29438
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Martin SimpleModal Contact Form (SMCF) plugin <= 1.2.9 versions.
via "National Vulnerability Database".
CVE-2023-36631
** DISPUTED ** Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is "this is intended behavior as the application can be locked using a password."
via "National Vulnerability Database".
Aussie PM says, "Shut down your phone every 24 hours for 5 mins" – but that's not enough on its own
Don't treat rebooting your phone once a day as a cybersecurity talisman... here are 8 additional tips for better mobile phone security.
via "Naked Security".
UK hacker busted in Spain gets 5 years over Twitter hack and more
Not just that infamous Twitter hack, but SIM-swapping, stalking and swatting too...
via "Naked Security".
Trojanized Super Mario Installer Goes After Gamer Data
A legitimate installer for the popular Nintendo game infects Windows machines with various malware, including a cryptominer and an infostealer, again showcasing the importance of remote worker security hygiene.
via "Dark Reading".
CVE-2023-36301
Talend Data Catalog before 8.0-20230221 contains a directory traversal vulnerability in HeaderImageServlet.
via "National Vulnerability Database".
CVE-2023-25306
MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal.
via "National Vulnerability Database".
How Infrastructure as Code Can Help Minimize Human Error
Infrastructure as code lets organizations manage cloud infrastructure with the same versioning, testing, and automation processes they use for application code.
via "Dark Reading".