⚠ Ghostscript bug could allow rogue documents to run system commands ⚠
📖 Read
via "Naked Security".
Even if you've never heard of the venerable Ghostscript project, you may have it installed without knowing.📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News
‼ CVE-2022-42175 ‼
📖 Read
via "National Vulnerability Database".
Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-33201 ‼
📖 Read
via "National Vulnerability Database".
Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.📖 Read
via "National Vulnerability Database".
❤3👍1
‼ CVE-2023-37208 ‼
📖 Read
via "National Vulnerability Database".
When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37207 ‼
📖 Read
via "National Vulnerability Database".
A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37202 ‼
📖 Read
via "National Vulnerability Database".
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34150 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED **Â Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-35786 ‼
📖 Read
via "National Vulnerability Database".
Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2023-37201 ‼
📖 Read
via "National Vulnerability Database".
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.📖 Read
via "National Vulnerability Database".
❤1
📢 Taking stock of cybersecurity in 2023: Challenges and opportunities 📢
📖 Read
via "ITPro".
Despite macroeconomic conditions, cyber security spending continues to rise, presenting opportunities for channel partners 📖 Read
via "ITPro".
channelpro
Taking stock of cyber security in 2023: Challenges and opportunities
Despite macroeconomic conditions, cyber security spending continues to rise, presenting opportunities for channel partners
📢 Cyber insurance costs fall in 2023 despite steep rise in ransomware attacks 📢
📖 Read
via "ITPro".
Premiums drop from historic highs as insurers eye a ransomware resurgence 📖 Read
via "ITPro".
ITPro
Cyber insurance costs fall in 2023 despite steep rise in ransomware attacks
Premiums drop from historic highs as insurers eye a ransomware resurgence
❤1
‼ CVE-2023-2880 ‼
📖 Read
via "National Vulnerability Database".
Frauscher Sensortechnik GmbH FDS001 for FAdC/FAdCi v1.3.3 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables an remote attacker to read all files on the filesystem of the FDS001 device.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37203 ‼
📖 Read
via "National Vulnerability Database".
Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox < 115.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37209 ‼
📖 Read
via "National Vulnerability Database".
A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox < 115.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37211 ‼
📖 Read
via "National Vulnerability Database".
Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37204 ‼
📖 Read
via "National Vulnerability Database".
A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37205 ‼
📖 Read
via "National Vulnerability Database".
The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox < 115.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37212 ‼
📖 Read
via "National Vulnerability Database".
Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3336 ‼
📖 Read
via "National Vulnerability Database".
TN-5900 Series version 3.3 and prior versions is vulnearble to user enumeration vulnerability. The vulnerability may allow a remote attacker to determine whether a user is valid during password recovery through the web login page and enable a brute force attack with valid users.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3482 ‼
📖 Read
via "National Vulnerability Database".
When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox < 115.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37210 ‼
📖 Read
via "National Vulnerability Database".
A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115.📖 Read
via "National Vulnerability Database".
👍1