🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-3445 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository spinacms/spina prior to 2.15.1.

via "National Vulnerability Database".
‼ CVE-2023-20120 ‼

Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.

via "National Vulnerability Database".
‼ CVE-2023-30259 ‼

A Buffer Overflow vulnerability in importshp plugin in LibreCAD 2.2.0 allows attackers to obtain sensitive information via a crafted DBF file.

via "National Vulnerability Database".
‼ CVE-2023-20188 ‼

A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device. Cisco has not released software updates to address this vulnerability.

via "National Vulnerability Database".
‼ CVE-2023-36467 ‼

AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a user injects Python commands into the ‘Template’ field when configuring a data pipeline. The issue can only be triggered by authenticated users. A fix for this issue is available in data.all version 1.5.2 and later. There is no recommended workaround.

via "National Vulnerability Database".
‼ CVE-2023-26615 ‼

D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates from the SetMultipleActions API, allowing unauthorized attackers to reset the WEB page management password.

via "National Vulnerability Database".
‼ CVE-2023-34936 ‼

A stack overflow in the UpdateMacClone function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

via "National Vulnerability Database".
‼ CVE-2023-34933 ‼

A stack overflow in the UpdateWanParams function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

via "National Vulnerability Database".
🕴 Generative AI Projects Pose Major Cybersecurity Risk to Enterprises 🕴

Developers' enthusiasm for ChatGPT and other LLM tools leaves most organizations largely unprepared to defend against the vulnerabilities that the nascent technology creates.

via "Dark Reading".
🕴 Saudi Arabia's Cyber Capabilities Ranked Second Globally 🕴

Saudi Arabia is one of the world's leaders in cybersecurity development and preparedness, according to the latest rankings.

via "Dark Reading".
🕴 FIDO Alliance Publishes Guidance for Deploying Passkeys in the Enterprise 🕴

Half-day virtual Authenticate Summit to educate on how passkeys can fit into a variety of enterprise environments.

via "Dark Reading".
⚠ Interested in $10,000,000? Ready to turn in the Clop ransomware crew? ⚠

Technically, it's "up to $10 million", but it's potentially a LOT of money, nevertheless...

via "Naked Security".
🕴 Malwarebytes ChatGPT Survey Reveals 81% are Concerned by Generative AI Security Risks 🕴

Survey also uncovers 63% of respondents distrust ChatGPT while 51% question AI's ability to improve Internet safety.

via "Dark Reading".
πŸ‘1
‼ CVE-2023-2625 ‼

A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user interface that will be executed by the system.

via "National Vulnerability Database".
‼ CVE-2023-27866 ‼

IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to a remote code execution attack via JNDI injection when the driver code or the application using the driver does not verify the supplied LDAP URL in the Connect String. IBM X-Force ID: 249511.

via "National Vulnerability Database".
🕴 Cato Networks Revolutionizes Network Security With Real-Time, Machine Learning-Powered Protection 🕴

The combination of data science expertise, cloud resources, and Cato's vast data lake enables real-time, ML-powered protection against evasive cyberattacks, reducing risk and improving security.

via "Dark Reading".
🕴 Astrix Security Raises $25M in Series A Funding 🕴

The investment will allow enterprises to further secure non-human identities and safely leverage the soaring adoption of third-party apps and Generative AI services.

via "Dark Reading".
🕴 Social Engineering Adds Depth to Red Team Exercises 🕴

Because social engineering usually succeeds, companies need to test whether their defenses can block adversaries that gain employees' trust.

via "Dark Reading".
‼ CVE-2023-21179 ‼

In parseSecurityParamsFromXml of XmlUtil.java, there is a possible bypass of user specified wifi encryption protocol due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-272755865.

via "National Vulnerability Database".
‼ CVE-2023-21152 ‼

In FaceStatsAnalyzer::InterpolateWeightList of face_stats_analyzer.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-269174022. References: N/A.

via "National Vulnerability Database".
‼ CVE-2023-21156 ‼

In BuildGetRadioNode of protocolmiscbulider.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure from the modem with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-264540759. References: N/A.

via "National Vulnerability Database".