CVE-2023-4047 (via National Vulnerability Database)
A bug in the popup notification delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
CVE-2023-31710 (via National Vulnerability Database)
TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to a buffer overflow.
CVE-2023-4051 (via National Vulnerability Database)
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116.
CVE-2023-39108 (via National Vulnerability Database)
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.
CVE-2023-4046 (via National Vulnerability Database)
In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
CVE-2023-39110 (via National Vulnerability Database)
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.
CVE-2023-4052 (via National Vulnerability Database)
The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116 and Firefox ESR < 115.1.
CVE-2023-39109 (via National Vulnerability Database)
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.
CVE-2023-4049 (via National Vulnerability Database)
Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
CVE-2023-4045 (via National Vulnerability Database)
Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
CVE-2022-39986 (via National Vulnerability Database)
A command injection vulnerability in RaspAP 2.8.0 through 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.
CVE-2023-38357 (via National Vulnerability Database)
Session tokens in RWS WorldServer 11.7.3 and earlier have low entropy and can be enumerated, leading to unauthorized access to user sessions.
CVE-2023-4048 (via National Vulnerability Database)
An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
CVE-2023-4050 (via National Vulnerability Database)
In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
CVE-2023-34634 (via National Vulnerability Database)
Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .greenshot file is opened.
CVE-2023-4053 (via National Vulnerability Database)
A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116.
CVE-2022-39987 (via National Vulnerability Database)
A command injection vulnerability in RaspAP 2.8.0 through 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameter in /ajax/networking/get_wgkey.php.
CISA: 'Submarine' Backdoor Torpedoes Barracuda Email Security (via Dark Reading)
A China-nexus cyber espionage campaign rages on with the fourth backdoor to surface in the wild that takes advantage of the CVE-2023-2868 zero-day security bug, with severe threat of lateral movement, CISA warns.
Lessons Not Learned From Software Supply Chain Attacks (via Dark Reading)
Businesses that develop business-, mission-, or safety-critical software must learn from previous victims of software supply chain attacks.
Firefox fixes a flurry of flaws in the first of two releases this month (via Naked Security, Sophos News)
No zero-days, but some interesting patches with their very own "teachable moments".
'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (via Dark Reading)
The DarkBART and DarkBERT cybercriminal chatbots, based on Google Bard, represent a major leap ahead for adversarial AI, including Google Lens integration for images and instant access to the whole of the cyber-underground knowledge base.