‼ CVE-2023-29438 ‼
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Martin SimpleModal Contact Form (SMCF) plugin <= 1.2.9 versions.
‼ CVE-2023-36631 ‼
via "National Vulnerability Database".
** DISPUTED ** Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is "this is intended behavior as the application can be locked using a password."
⚠ Aussie PM says, “Shut down your phone every 24 hours for 5 mins” – but that’s not enough on its own ⚠
via "Naked Security".
Don't treat rebooting your phone once a day as a cybersecurity talisman... here are 8 additional tips for better mobile phone security.
⚠ UK hacker busted in Spain gets 5 years over Twitter hack and more ⚠
via "Naked Security".
Not just that infamous Twitter hack, but SIM-swapping, stalking and swatting too...
🕴 Trojanized Super Mario Installer Goes After Gamer Data 🕴
via "Dark Reading".
A legitimate installer for the popular Nintendo game infects Windows machines with various malware, including a cryptominer and an infostealer, again showcasing the importance of remote worker security hygiene.
‼ CVE-2023-36301 ‼
via "National Vulnerability Database".
Talend Data Catalog before 8.0-20230221 contains a directory traversal vulnerability in HeaderImageServlet.
‼ CVE-2023-25306 ‼
via "National Vulnerability Database".
MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal.
🕴 How Infrastructure as Code Can Help Minimize Human Error 🕴
via "Dark Reading".
Infrastructure as code lets organizations manage cloud infrastructure with the same versioning, testing, and automation processes they use for application code.
🕴 Remediation Ballet Is a Pas de Deux of Patch and Performance 🕴
via "Dark Reading".
AI-generated code promises quicker fixes for vulnerabilities, but ultimately developers and security teams must balance competing interests.
‼ CVE-2023-28485 ‼
via "National Vulnerability Database".
A stored cross-site scripting (Stored XSS) vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board (where they have BoardAdmin access), and renameAttachment does not block XSS payloads.
‼ CVE-2022-48331 ‼
via "National Vulnerability Database".
Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys feature_name_len integer overflow and resultant buffer overflow.
‼ CVE-2023-29459 ‼
via "National Vulnerability Database".
The laola.redbull application through 5.1.9-R for Android exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this URI is subsequently loaded into the application's webview, thus allowing the loading of arbitrary content into the context of the application. This can occur via the fcrbs schema or an explicit intent invocation.
‼ CVE-2023-33580 ‼
via "National Vulnerability Database".
Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page.
‼ CVE-2022-48333 ‼
via "National Vulnerability Database".
Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys prefix_len+feature_name_len integer overflow and resultant buffer overflow.
‼ CVE-2022-48336 ‼
via "National Vulnerability Database".
Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagParseAndStoreData integer overflow and resultant buffer overflow.
‼ CVE-2022-48335 ‼
via "National Vulnerability Database".
Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagVerifyProvisioning integer overflow and resultant buffer overflow.
‼ CVE-2022-48332 ‼
via "National Vulnerability Database".
Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys file_name_len integer overflow and resultant buffer overflow.
‼ CVE-2022-40010 ‼
via "National Vulnerability Database".
Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi was discovered to contain a cross-site scripting (XSS) vulnerability via the deviceId parameter in the Parental Control module.
‼ CVE-2022-48334 ‼
via "National Vulnerability Database".
Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys total_len+file_name_len integer overflow and resultant buffer overflow.
‼ CVE-2020-20210 ‼
via "National Vulnerability Database".
Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images.