‼ CVE-2023-35972 ‼
📖 Read
via "National Vulnerability Database".
An authenticated remote command injection vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3515 ‼
📖 Read
via "National Vulnerability Database".
Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-35979 ‼
📖 Read
via "National Vulnerability Database".
There is an unauthenticated buffer overflow vulnerability in the process controlling the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in a Denial-of-Service (DoS) condition affecting the web-based management interface of the controller.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-35977 ‼
📖 Read
via "National Vulnerability Database".
Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-35975 ‼
📖 Read
via "National Vulnerability Database".
An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-35976 ‼
📖 Read
via "National Vulnerability Database".
Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-35973 ‼
📖 Read
via "National Vulnerability Database".
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-35978 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.📖 Read
via "National Vulnerability Database".
âš Ghostscript bug could allow rogue documents to run system commands âš
📖 Read
via "Naked Security".
Even if you've never heard of the venerable Ghostscript project, you may have it installed without knowing.📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News
🕴 A Golden Age of AI … or Security Threats? 🕴
📖 Read
via "Dark Reading".
Now is the time to build safeguards into nascent AI technology. 📖 Read
via "Dark Reading".
Dark Reading
A Golden Age of AI … or Security Threats?
Now is the time to build safeguards into nascent AI technology.
🕴 C10p's MOVEit Campaign Represents a New Era in Cyberattacks 🕴
📖 Read
via "Dark Reading".
The ransomware group shows an evolution of its tactics with MOVEit zero day — potentially ushering in a new normal when it comes to extortion supply chain cyberattacks, experts say.📖 Read
via "Dark Reading".
Dark Reading
Cl0p's MOVEit Campaign Represents a New Era in Cyberattacks
The ransomware group shows an evolution of its tactics with MOVEit zero-day — potentially ushering in a new normal when it comes to extortion supply chain cyberattacks, experts say.
âš Firefox 115 is out, says farewell to older Windows and Mac users âš
📖 Read
via "Naked Security".
No zero-days this month, so you're patching to stay ahead, not merely to catch up!📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News
🕴 Ransomware Halts Operations at Japan's Port of Nagoya 🕴
📖 Read
via "Dark Reading".
LockBit 3.0 claims responsibility for the cyberattack that shuttered the largest port in Japan, according to authorities. 📖 Read
via "Dark Reading".
Dark Reading
Ransomware Halts Operations at Japan's Port of Nagoya
LockBit 3.0 claims responsibility for the cyberattack that shuttered the largest port in Japan, according to authorities.
‼ CVE-2023-36933 ‼
📖 Read
via "National Vulnerability Database".
In Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), it is possible for an attacker to invoke a method that results in an unhandled exception. Triggering this workflow can cause the MOVEit Transfer application to terminate unexpectedly.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-25969 ‼
📖 Read
via "National Vulnerability Database".
gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest().📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36932 ‼
📖 Read
via "National Vulnerability Database".
In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-31194 ‼
📖 Read
via "National Vulnerability Database".
An access violation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36934 ‼
📖 Read
via "National Vulnerability Database".
In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27390 ‼
📖 Read
via "National Vulnerability Database".
A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25399 ‼
📖 Read
via "National Vulnerability Database".
A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function.📖 Read
via "National Vulnerability Database".
🕴 OPERA1ER Cybercrime Group's Leader Arrested by INTERPOL 🕴
📖 Read
via "Dark Reading".
The group's mastermind was nabbed in Côte d'Ivoire for stealing up to $30 million using malware, phishing campaigns, and BEC scams, as part of international law enforcement's Operation Nervone.📖 Read
via "Dark Reading".
Dark Reading
OPERA1ER Cybercrime Group's Leader Arrested by Interpol
The group's mastermind was nabbed in Côte d'Ivoire for stealing up to $30 million using malware, phishing campaigns, and BEC scams, as part of international law enforcement's Operation Nervone.