βΌ CVE-2023-30562 βΌ
π Read
via "National Vulnerability Database".
A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30561 βΌ
π Read
via "National Vulnerability Database".
The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is running.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37466 βΌ
π Read
via "National Vulnerability Database".
vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code. Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37714 βΌ
π Read
via "National Vulnerability Database".
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromRouteStatic.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37718 βΌ
π Read
via "National Vulnerability Database".
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeClientFilter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3668 βΌ
π Read
via "National Vulnerability Database".
Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37721 βΌ
π Read
via "National Vulnerability Database".
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeMacFilter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37716 βΌ
π Read
via "National Vulnerability Database".
Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37723 βΌ
π Read
via "National Vulnerability Database".
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromqossetting.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37719 βΌ
π Read
via "National Vulnerability Database".
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromP2pListFilter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37722 βΌ
π Read
via "National Vulnerability Database".
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeUrlFilter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37715 βΌ
π Read
via "National Vulnerability Database".
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function frmL7ProtForm.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37717 βΌ
π Read
via "National Vulnerability Database".
Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromDhcpListClient.π Read
via "National Vulnerability Database".
π’ JumpCloud reveals threat actors breached internal systems, following customer speculation π’
π Read
via "ITPro".
Suspicious activity was discovered in June, but a customer link took longer than a week to establish π Read
via "ITPro".
ITPro
JumpCloud reveals nation-state hackers breached internal systems, following customer speculation
Suspicious activity was discovered in June, but a customer link took longer than a week to establish
βΌ CVE-2023-3672 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - DOM in GitHub repository plaidweb/webmention.js prior to 0.5.5.π Read
via "National Vulnerability Database".
π¦Ώ How to Check If Someone Else Accessed Your Google Account π¦Ώ
π Read
via "Tech Republic".
Review your recent Gmail access, browser sign-in history and Google account activity to make sure no one other than you has used your account.π Read
via "Tech Republic".
TechRepublic
How to Check If Someone Else Accessed Your Google Account
Learn how to check if someone else accessed your Google account using this guide. Make sure no one other than you has used your account.
π΄ Electrical Grid Stability Relies on Balancing Digital Substation Security π΄
π Read
via "Dark Reading".
Because digital substations are critical elements of electrical systems, they are a prime target for sophisticated cyberattacks.π Read
via "Dark Reading".
Dark Reading
Electrical Grid Stability Relies on Balancing Digital Substation Security
Because digital substations are critical elements of electrical systems, they are a prime target for sophisticated cyberattacks.
βΌ CVE-2023-3433 βΌ
π Read
via "National Vulnerability Database".
The "nickname" field within Savoir-faire Linux's Jami application is susceptible to a failed state when a user inserts special characters into the field. When present, these special characters, make it so the application cannot create the signature for the user and results in a local denial of service to the application.Γ π Read
via "National Vulnerability Database".
βΌ CVE-2023-3434 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation in the hyperlink interpretation inΓ Savoir-faire Linux's Jami (version 20222284)Γ on Windows. This allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3673 βΌ
π Read
via "National Vulnerability Database".
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2975 βΌ
π Read
via "National Vulnerability Database".
Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be mislead by removingadding or reordering such empty entries as these are ignored by the OpenSSLimplementation. We are currently unaware of any such applications.The AES-SIV algorithm allows for authentication of multiple associateddata entries along with the encryption. To authenticate empty data theapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) withNULL pointer as the output buffer and 0 as the input buffer length.The AES-SIV implementation in OpenSSL just returns success for such a callinstead of performing the associated data authentication operation.The empty data thus will not be authenticated.As this issue does not affect non-empty associated data authentication andwe expect it to be rare for an application to use empty associated dataentries this is qualified as Low severity issue.π Read
via "National Vulnerability Database".
β€1