βΌ CVE-2023-3389 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.We recommend upgrading past commit 4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable andΓ 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34650 βΌ
π Read
via "National Vulnerability Database".
PHPgurukl Small CRM v.1.0 is vulnerable to Cross Site Scripting (XSS).π Read
via "National Vulnerability Database".
βΌ CVE-2023-32222 βΌ
π Read
via "National Vulnerability Database".
D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25827 βΌ
π Read
via "National Vulnerability Database".
Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setting the X-Forwarded-For header to a local IP-address.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21513 βΌ
π Read
via "National Vulnerability Database".
Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition.π Read
via "National Vulnerability Database".
π΄ Russian Spies, War Ministers Reliant on Cybercrime in Pariah State π΄
π Read
via "Dark Reading".
Swiss intelligence warns that Russia ramping up cyberattacks on infrastructure and cyber espionage as on-the-ground options evaporate.π Read
via "Dark Reading".
Dark Reading
Russian Spies, War Ministers Reliant on Cybercrime in Pariah State
Swiss intelligence warns that Russia ramping up cyberattacks on infrastructure and cyber espionage as on-the-ground options evaporate.
β€1
βΌ CVE-2023-36475 βΌ
π Read
via "National Vulnerability Database".
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and 6.2.1.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-3358 βΌ
π Read
via "National Vulnerability Database".
A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36474 βΌ
π Read
via "National Vulnerability Database".
Interactsh is an open-source tool for detecting out-of-band interactions. Domains configured with interactsh server prior to version 1.0.0 were vulnerable to subdomain takeover for a specific subdomain, i.e `app.` Interactsh server used to create cname entries for `app` pointing to `projectdiscovery.github.io` as default, which intended to used for hosting interactsh web client using GitHub pages. This is a security issue with a self-hosted interactsh server in which the user may not have configured a web client but still have a CNAME entry pointing to GitHub pages, making them vulnerable to subdomain takeover. This allows a threat actor to host / run arbitrary client side code (cross-site scripting) in a user's browser when browsing the vulnerable subdomain. Version 1.0.0 fixes this issue by making CNAME optional, rather than default.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34736 βΌ
π Read
via "National Vulnerability Database".
Guantang Equipment Management System version 4.12 is vulnerable to Arbitrary File Upload.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3357 βΌ
π Read
via "National Vulnerability Database".
A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34647 βΌ
π Read
via "National Vulnerability Database".
PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).π Read
via "National Vulnerability Database".
βΌ CVE-2023-3359 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel brcm_nvram_parse in drivers/nvmem/brcm_nvram.c. Lacks for the check of the return value of kzalloc() can cause the NULL Pointer Dereference.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3447 βΌ
π Read
via "National Vulnerability Database".
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for unauthenticated attackers to extract potentially sensitive information from the LDAP directory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23264 βΌ
π Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Spoofing Vulnerabilityπ Read
via "National Vulnerability Database".
π’ Encryption-less ransomware: Warning issued over emerging attack method for threat actors π’
π Read
via "ITPro".
Researchers at Zscaler have observed a marked increase in the frequency of encryption-less ransomware attacks over the last year π Read
via "ITPro".
ITPro
Encryption-less ransomware: Warning issued over emerging attack method for threat actors
Researchers at Zscaler have observed a marked increase in the frequency of encryption-less ransomware attacks over the last year
π΄ When It Comes to Secure Coding, ChatGPT Is Quintessentially Human π΄
π Read
via "Dark Reading".
We're still unprepared to fight the security bugs we already encounter, let alone new AI-borne issues.π Read
via "Dark Reading".
Dark Reading
When It Comes to Secure Coding, ChatGPT Is Quintessentially Human
We're still unprepared to fight the security bugs we already encounter, let alone new AI-borne issues.
π΄ Newbie Akira Ransomware Builds Momentum With Linux Shift π΄
π Read
via "Dark Reading".
A new version of the double-extortion group's malware reflects a growing trend among ransomware actors to expand cybercrime opportunities beyond Windows.π Read
via "Dark Reading".
Dark Reading
Newbie Akira Ransomware Builds Momentum With Linux Shift
A new version of the double-extortion group's malware reflects a growing trend among ransomware actors to expand cybercrime opportunities beyond Windows.
π΄ UAE, Israel Ink Pivotal Joint Cyber-Threat Intelligence Agreement π΄
π Read
via "Dark Reading".
Two Mideast nations that were at odds until recently have announced the "Crystal Ball" project, aimed at better protecting against cyberattacks via collaboration and knowledge sharing.π Read
via "Dark Reading".
Dark Reading
UAE, Israel Ink Pivotal Joint Cyber-Threat Intelligence Agreement
Two Mideast nations that were at odds until recently have announced the "Crystal Ball" project, aimed at better protecting against cyberattacks via collaboration and knowledge sharing.
βΌ CVE-2023-36617 βΌ
π Read
via "National Vulnerability Database".
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists becuse of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.π Read
via "National Vulnerability Database".
π΄ 3 Tips to Increase Hybrid and Multicloud Security π΄
π Read
via "Dark Reading".
As cloud adoption grows, organizations need to rethink their approaches to securing hybrid cloud and multicloud environments.π Read
via "Dark Reading".
Dark Reading
3 Tips to Increase Hybrid and Multicloud Security
As cloud adoption grows, organizations need to rethink their approaches to securing hybrid cloud and multicloud environments.