‼ CVE-2022-48332 ‼
via "National Vulnerability Database".
Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys file_name_len integer overflow and resultant buffer overflow.
‼ CVE-2022-40010 ‼
via "National Vulnerability Database".
Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi was discovered to contain a cross-site scripting (XSS) vulnerability via the deviceId parameter in the Parental Control module.
‼ CVE-2022-48334 ‼
via "National Vulnerability Database".
Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys total_len+file_name_len integer overflow and resultant buffer overflow.
‼ CVE-2020-20210 ‼
via "National Vulnerability Database".
Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images.
‼ CVE-2020-23065 ‼
via "National Vulnerability Database".
Cross Site Scripting vulnerability in eZ Systems AS uZPublish Platform v.5.4 and eZ Publish Legacy v.5.4 allows a remote authenticated attacker to execute arbitrary code via the video-js.swf.swf.
‼ CVE-2020-23064 ‼
via "National Vulnerability Database".
Cross Site Scripting vulnerability in jQuery v.2.2.0 thru v.3.5.0 allows a remote attacker to execute arbitrary code via the <options> element.
🕴 Cl0p in Your Network? Here's How to Find Out 🕴
via "Dark Reading".
Companies targeted by hacking groups with Cl0p ransomware typically have several chances to catch the attack prior to the payload being deployed, experts say.
🕴 It's Open Season on Law Firms for Ransomware & Cyberattacks 🕴
via "Dark Reading".
Law firms have an ethical responsibility to protect their clients' sensitive information, but a recent swell of cyberattacks does not seem to be enough to convince law firms to shore up cybersecurity.
🕴 Twitter Celeb Account Hacker Heads to Jail for 5 Years 🕴
via "Dark Reading".
Extradited from Spain, PlugWalkJoe has been sentenced in US court and is now headed to federal prison on a raft of charges related to account hijacking and cyber stalking.
🕴 Genworth Financial Reports Data Breach Leaking SSNs Belonging to 2.7M Policyholders and Customers 🕴
via "Dark Reading".
MARLTON, N.J., June 23, 2023 /PRNewswire/ -- Between 2.5 to 2.7 million consumers are being notified that their Social Security numbers and other confidential information were compromised when hackers were able to exploit a vulnerability in software used…
‼ CVE-2023-33176 ‼
via "National Vulnerability Database".
BigBlueButton is an open source virtual classroom designed to help teachers teach and learners learn. Affected versions are subject to a Server-Side Request Forgery (SSRF) vulnerability. In an `insertDocument` API request the user is able to supply a URL from which the presentation should be downloaded. This URL was being used without having been successfully validated first. An update to the `followRedirect` method in the `PresentationUrlDownloadService` has been made to validate all URLs to be used for presentation download. Two new properties `presentationDownloadSupportedProtocols` and `presentationDownloadBlockedHosts` have also been added to `bigbluebutton.properties` to allow administrators to define what protocols a URL must use and to explicitly define hosts that a presentation cannot be downloaded from. All URLs passed to `insertDocument` must conform to the requirements of the two previously mentioned properties. Additionally, these URLs must resolve to valid addresses, and these addresses must not be local or loopback addresses. There are no workarounds. Users are advised to upgrade to a patched version of BigBlueButton.
‼ CVE-2023-34422 ‼
via "National Vulnerability Database".
A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation.
‼ CVE-2023-32525 ‼
via "National Vulnerability Database".
Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32526.
‼ CVE-2023-32605 ‼
via "National Vulnerability Database".
Affected versions of Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32604.
‼ CVE-2023-34147 ‼
via "National Vulnerability Database".
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34148.
‼ CVE-2023-32534 ‼
via "National Vulnerability Database".
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535.
‼ CVE-2023-32530 ‼
via "National Vulnerability Database".
Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32529.
‼ CVE-2023-32556 ‼
via "National Vulnerability Database".
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
‼ CVE-2023-32521 ‼
via "National Vulnerability Database".
A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files.
‼ CVE-2023-32557 ‼
via "National Vulnerability Database".
A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges.
‼ CVE-2023-32532 ‼
via "National Vulnerability Database".
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535.