‼ CVE-2023-4055 ‼
via "National Vulnerability Database".
When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
‼ CVE-2023-4058 ‼
via "National Vulnerability Database".
Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116.
‼ CVE-2023-4057 ‼
via "National Vulnerability Database".
Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116 and Firefox ESR < 115.1.
‼ CVE-2023-33493 ‼
via "National Vulnerability Database".
An Unrestricted Upload of File with Dangerous Type vulnerability in the Ajaxmanager File and Database explorer (ajaxmanager) module for PrestaShop through 2.3.0, allows remote attackers to upload dangerous files without restrictions.
‼ CVE-2023-4056 ‼
via "National Vulnerability Database".
Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
‼ CVE-2023-36210 ‼
via "National Vulnerability Database".
MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the keyword parameter.
‼ CVE-2023-38559 ‼
via "National Vulnerability Database".
A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.
‼ CVE-2023-4054 ‼
via "National Vulnerability Database".
When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
‼ CVE-2023-36211 ‼
via "National Vulnerability Database".
The Barebones CMS v2.0.2 is vulnerable to Stored Cross-Site Scripting (XSS) when an authenticated user interacts with certain features on the admin panel.
‼ CVE-2023-38560 ‼
via "National Vulnerability Database".
An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format.
🔴 Space Pirates Train Cyber Sabers on Russian, Serbian Organizations 🔴
via "Dark Reading".
The attackers have expanded beyond backdoors and recently started using Deed RAT to step up their attacks.
🔴 Canon Inkjet Printers at Risk for Third-Party Compromise via Wi-Fi 🔴
via "Dark Reading".
Nearly 200 models are affected by vulnerability that may give wireless access to unauthorized third parties.
🔴 MEF and CyberRatings.org Partner on SASE Certification Program 🔴
via "Dark Reading".
LOS ANGELES and AUSTIN, Texas, Aug. 1, 2023 /PRNewswire/ -- MEF, a global industry association of network, cloud, security, and technology providers accelerating enterprise digital transformation, and CyberRatings.org (CyberRatings), dedicated to providing…
🔴 White House Cyber Workforce Strategy: No Quick Fix for Skills Shortage 🔴
via "Dark Reading".
A lot of what the strategy proposes is well-intentioned but somewhat aspirational at the moment, industry experts say.
🔴 Nile Raises $175M Series C Funding to Redefine Enterprise Networks 🔴
via "Dark Reading".
SAN JOSE, Calif., Aug. 1, 2023 /PRNewswire/ -- Nile, the leader in next-generation enterprise networks, today announced a $175 million Series C investment round co-led by March Capital and Sanabil Investments, with strategic participation from solutions by…
🔴 Forescout's Risk and Exposure Management Solution Delivers Streamlined, Quantitative Approach to Cyber Asset Risk Management 🔴
via "Dark Reading".
SAN JOSE, Calif.--(BUSINESS WIRE)-- Forescout, a global leader in cybersecurity, today unveiled Risk and Exposure Management, its cloud-native product designed to collate all data sources associated with an enterprise's connected assets and calculate a unique…
‼ CVE-2023-31429 ‼
via "National Vulnerability Database".
Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability when using various commands such as "chassisdistribute", "reboot", "rasman", errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal.
‼ CVE-2023-31425 ‼
via "National Vulnerability Database".
A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, "root" account access is disabled.
‼ CVE-2023-3500 ‼
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A reflected XSS was possible when creating specific PlantUML diagrams that allowed the attacker to perform arbitrary actions on behalf of victims.
‼ CVE-2023-3900 ‼
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. An invalid 'start_sha' value on merge requests page may lead to Denial of Service as Changes tab would not load.
‼ CVE-2023-3994 ‼
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use ProjectReferenceFilter to the preview_markdown endpoint.