‼ CVE-2023-37303 ‼
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message.
via "National Vulnerability Database".
‼ CVE-2023-35178 ‼
Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing a GET request to scan jobs.
via "National Vulnerability Database".
‼ CVE-2023-37304 ‼
An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature.
via "National Vulnerability Database".
‼ CVE-2023-35177 ‼
Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser.
via "National Vulnerability Database".
‼ CVE-2023-37302 ‼
An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute).
via "National Vulnerability Database".
‼ CVE-2023-37301 ‼
An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur.
via "National Vulnerability Database".
‼ CVE-2023-37307 ‼
In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.
via "National Vulnerability Database".
‼ CVE-2023-37305 ‼
An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces.
via "National Vulnerability Database".
‼ CVE-2023-35176 ‼
Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device.
via "National Vulnerability Database".
‼ CVE-2023-37306 ‼
MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.
via "National Vulnerability Database".
‼ CVE-2023-26299 ‼
A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability.
via "National Vulnerability Database".
‼ CVE-2023-37300 ‼
An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users.
via "National Vulnerability Database".
‼ CVE-2023-34840 ‼
angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was discovered to contain a cross-site scripting (XSS) vulnerability.
via "National Vulnerability Database".
‼ CVE-2023-35175 ‼
Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model.
via "National Vulnerability Database".
🕴 Nokod Raises $8M Seed Round From Seasoned Cybersecurity Investors to Enhance Low-Code/No-Code App Security 🕴
Nokod Security is building a platform that enables organizations to secure in-house low-code/no-code custom applications by scanning for security and compliance issues and applying remediation policies.
via "Dark Reading".
🕴 African Nations Face Escalating Phishing & Compromised Password Cyberattacks 🕴
Cyberattacks against organizations in some African nations increased significantly in 2022, despite a major expansion in cybersecurity hiring to support cloud and digital migration.
via "Dark Reading".
🕴 Iran-Linked APT35 Targets Israeli Media With Upgraded Spear-Phishing Tools 🕴
The APT35 group (aka Charming Kitten) has added backdoor capabilities to its spear-phishing payloads and targeted an Israeli reporter with it.
via "Dark Reading".
🕴 Mobile Cyberattacks Soar, Especially Against Android Users 🕴
The number of malware samples is up as attackers aim to compromise users where they work and play: their smartphones.
via "Dark Reading".
‼ CVE-2023-36807 ‼
pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In version 2.10.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the user extracted metadata from such a malformed PDF. Versions prior to 2.10.5 throw an error, but do not hang forever. This issue was fixed with https://github.com/py-pdf/pypdf/pull/1331 which has been included in release 2.10.6. Users are advised to upgrade. Users unable to upgrade should modify `PyPDF2/generic/_data_structures.py::read_object` to an error-throwing case. See GHSA-hm9v-vj3r-r55m for details.
via "National Vulnerability Database".
‼ CVE-2023-36810 ‼
pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. This issue has been addressed in PR 808 and versions from 1.27.9 include this fix. Users are advised to upgrade. There are no known workarounds for this vulnerability.
via "National Vulnerability Database".
‼ CVE-2023-36477 ‼
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the `CKEditor` space. This makes it possible to perform a variety of harmful actions, such as removing technical documents, leading to loss of service, and editing the javascript configuration of CKEditor, leading to persistent XSS. This issue has been patched in XWiki 14.10.6 and XWiki 15.1. This issue has been patched on the CKEditor Integration extension 1.64.9 for XWiki versions older than 14.6RC1. Users are advised to upgrade. Users unable to upgrade may manually address the issue by restricting the `edit` and `delete` rights to a trusted user or group (e.g. the `XWiki.XWikiAdminGroup` group), implicitly disabling those rights for all other users. See commit `9d9d86179` for details.
via "National Vulnerability Database".