βΌ CVE-2023-31710 βΌ
π Read
via "National Vulnerability Database".
TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-4051 βΌ
π Read
via "National Vulnerability Database".
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-39108 βΌ
π Read
via "National Vulnerability Database".
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4046 βΌ
π Read
via "National Vulnerability Database".
In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39110 βΌ
π Read
via "National Vulnerability Database".
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4052 βΌ
π Read
via "National Vulnerability Database".
The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116 and Firefox ESR < 115.1.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-39109 βΌ
π Read
via "National Vulnerability Database".
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4049 βΌ
π Read
via "National Vulnerability Database".
Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4045 βΌ
π Read
via "National Vulnerability Database".
Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39986 βΌ
π Read
via "National Vulnerability Database".
A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38357 βΌ
π Read
via "National Vulnerability Database".
Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated, leading to unauthorized access to user sessions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4048 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4050 βΌ
π Read
via "National Vulnerability Database".
In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34634 βΌ
π Read
via "National Vulnerability Database".
Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .greenshot file is opened.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-4053 βΌ
π Read
via "National Vulnerability Database".
A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39987 βΌ
π Read
via "National Vulnerability Database".
A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/get_wgkey.php.π Read
via "National Vulnerability Database".
π΄ CISA: 'Submarine' Backdoor Torpedoes Barracuda Email Security π΄
π Read
via "Dark Reading".
A China-nexus cyber espionage campaign rages on with the fourth backdoor to surface in the wild that takes advantage of the CVE-2023-2868 zero-day security bug β with severe threat of lateral movement, CISA warns.π Read
via "Dark Reading".
Dark Reading
CISA: 'Submarine' Backdoor Torpedoes Barracuda Email Security
A China-nexus cyber-espionage campaign rages on with the fourth backdoor to surface in the wild that takes advantage of the CVE-2023-2868 zero-day security bug β with severe threat of lateral movement, CISA warns.
π΄ Lessons Not Learned From Software Supply Chain Attacks π΄
π Read
via "Dark Reading".
Businesses that develop business-, mission-, or safety-critical software must learn from previous victims of software supply chain attacks.π Read
via "Dark Reading".
Dark Reading
Lessons Not Learned From Software Supply Chain Attacks
Businesses that develop business-, mission-, or safety-critical software must learn from previous victims of software supply chain attacks.
β Firefox fixes a flurry of flaws in the first of two releases this month β
π Read
via "Naked Security".
No zero-days, but some interesting patches with their very own "teachable moments".π Read
via "Naked Security".
Sophos News
Firefox fixes a flurry of flaws in the first of two releases this month
No zero-days, but some interesting patches with their very own βteachable momentsβ.
π΄ 'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web π΄
π Read
via "Dark Reading".
The DarkBART and DarkBERT cybercriminal chatbots, based on Google Bard, represent a major leap ahead for adversarial AI, including Google Lens integration for images and instant access to the whole of the cyber-underground knowledge base.π Read
via "Dark Reading".
Dark Reading
'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web
The DarkBART and DarkBERT cybercriminal chatbots, based on Google Bard, represent a major leap ahead for adversarial AI, including Google Lens integration for images and instant access to the whole of the cyber-underground knowledge base.
π΄ Apple Users Open to Remote Control via Tricky macOS Malware π΄
π Read
via "Dark Reading".
The Hidden Virtual Network Computing (hVNC) malware infests Macs and silently executes complete takeovers, with no user permission needed. It also sports persistence through reboots.π Read
via "Dark Reading".
Dark Reading
Apple Users Open to Remote Control via Tricky macOS Malware
The Hidden Virtual Network Computing (hVNC) malware infests Macs and silently executes complete takeovers, with no user permission needed. It also sports persistence through reboots.