βΌ CVE-2023-36663 βΌ
π Read
via "National Vulnerability Database".
it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the sort parameter of the API interface.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36660 βΌ
π Read
via "National Vulnerability Database".
The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36664 βΌ
π Read
via "National Vulnerability Database".
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).π Read
via "National Vulnerability Database".
π΄ How Active Directory Bridging Extends Security Automation to Hybrid IT Environments π΄
π Read
via "Dark Reading".
AD bridging extends the reach of your AD domain to non-Windows systems, providing centralized security, single sign-on, and compliance.π Read
via "Dark Reading".
Dark Reading
How Active Directory Bridging Extends Security Automation to Hybrid IT Environments
AD bridging extends the reach of your AD domain to non-Windows systems, providing centralized security, single sign-on, and compliance.
π€1
βΌ CVE-2023-36675 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-29424 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Plainware ShiftController Employee Shift Scheduling plugin <=Γ 4.9.23 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28988 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Direct checkout, Add to cart redirect, Quick purchase button, Buy now button, Quick View button for WooCommerce plugin <=Γ 2.1.48 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29430 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CTHthemes TheRoof plugin <=Γ 1.0.3 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3398 βΌ
π Read
via "National Vulnerability Database".
Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3.π Read
via "National Vulnerability Database".
π΄ 3 Steps to Successfully & Ethically Navigate a Data Breach π΄
π Read
via "Dark Reading".
In this day of "not if, but when" for breaches, transparency and full disclosure are important to salvage a company's reputation and keep public trust.π Read
via "Dark Reading".
Dark Reading
3 Steps to Successfully & Ethically Navigate a Data Breach
In this day of "not if, but when" for breaches, transparency and full disclosure are important to salvage a company's reputation and keep public trust.
βΌ CVE-2023-29438 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Martin SimpleModal Contact Form (SMCF) plugin <=Γ 1.2.9 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36631 βΌ
π Read
via "National Vulnerability Database".
** DISPUTED ** Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is "this is intended behavior as the application can be locked using a password."π Read
via "National Vulnerability Database".
β Aussie PM says, βShut down your phone every 24 hours for 5 minsβ β but thatβs not enough on its own β
π Read
via "Naked Security".
Don't treat rebooting your phone once a day as a cybersecurity talisman... here are 8 additional tips for better mobile phone security.π Read
via "Naked Security".
β UK hacker busted in Spain gets 5 years over Twitter hack and more β
π Read
via "Naked Security".
Not just that infamous Twitter hack, but SIM-swapping, stalking and swatting too...π Read
via "Naked Security".
Naked Security
UK hacker busted in Spain gets 5 years over Twitter hack and more
Not just that infamous Twitter hack, but SIM-swapping, stalking and swatting tooβ¦
π΄ Trojanized Super Mario Installer Goes After Gamer Data π΄
π Read
via "Dark Reading".
A legitimate installer for the popular Nintendo game infects Windows machines with various malware, including a cryptominer and an infostealer, again showcasing the importance of remote worker security hygiene.π Read
via "Dark Reading".
Dark Reading
Trojanized Super Mario Installer Goes After Gamer Data
A legitimate installer for the popular Nintendo game infects Windows machines with various malware, including a cryptominer and an infostealer, again showcasing the importance of remote worker security hygiene.
βΌ CVE-2023-36301 βΌ
π Read
via "National Vulnerability Database".
Talend Data Catalog before 8.0-20230221 contain a directory traversal vulnerability in HeaderImageServlet.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25306 βΌ
π Read
via "National Vulnerability Database".
MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal.π Read
via "National Vulnerability Database".
π΄ How Infrastructure as Code Can Help Minimize Human Error π΄
π Read
via "Dark Reading".
Infrastructure as code lets organizations manage cloud infrastructure with the same versioning, testing, and automation processes they use for application code.π Read
via "Dark Reading".
Dark Reading
How Infrastructure as Code Can Help Minimize Human Error
Infrastructure as code lets organizations manage cloud infrastructure with the same versioning, testing, and automation processes they use for application code.
π΄ Remediation Ballet Is a Pas de Deux of Patch and Performance π΄
π Read
via "Dark Reading".
AI-generated code promises quicker fixes for vulnerabilities, but ultimately developers and security teams must balance competing interests.π Read
via "Dark Reading".
Dark Reading
Remediation Ballet Is a Pas de Deux of Patch and Performance
AI-generated code promises quicker fixes for vulnerabilities, but ultimately developers and security teams must balance competing interests.
π΄ Remediation Ballet Is a Pas de Deux of Patch and Performance π΄
π Read
via "Dark Reading".
AI-generated code promises quicker fixes for vulnerabilities, but ultimately developers and security teams must balance competing interests.π Read
via "Dark Reading".
Dark Reading
Remediation Ballet Is a Pas de Deux of Patch and Performance
AI-generated code promises quicker fixes for vulnerabilities, but ultimately developers and security teams must balance competing interests.
βΌ CVE-2023-28485 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (Stored XSS) vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board (where they have BoardAdmin access), and renameAttachment does not block XSS payloads.π Read
via "National Vulnerability Database".
β€1