‼ CVE-2023-38942 ‼
via "National Vulnerability Database".
Dango-Translator v4.5.5 was discovered to contain a remote command execution (RCE) vulnerability via the component app/config/cloud_config.json.
‼ CVE-2023-36217 ‼
via "National Vulnerability Database".
Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function.
‼ CVE-2023-32764 ‼
via "National Vulnerability Database".
Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate their privileges to local administrator.
‼ CVE-2023-35081 ‼
via "National Vulnerability Database".
A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.
‼ CVE-2022-42986 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-39122. Reason: This candidate is a reservation duplicate of CVE-2023-39122. Notes: All CVE users should reference CVE-2023-39122 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
🦿 Could C2PA Cryptography be the Key to Fighting AI-Driven Misinformation? 🦿
via "Tech Republic".
Adobe, Arm, Intel, Microsoft and Truepic put their weight behind C2PA, an alternative to watermarking AI-generated content.
🕴 Center for Cyber Safety and Education Awards $174K in Cybersecurity Scholarships 🕴
via "Dark Reading".
ALEXANDRIA, Va., Aug. 3, 2023 /PRNewswire/ -- The Center for Cyber Safety and Education, the charitable foundation of nonprofit membership association (ISC)², has announced the award recipients of its 2023 scholarship program. This year, scholarships totaling $174…
🕴 Vulcan Cyber Attack Path Graph Targets Cloud-Scale Risk Prioritization and Mitigation 🕴
via "Dark Reading".
TEL AVIV, Israel, Aug. 3, 2023 /PRNewswire/ -- Vulcan Cyber, developers of the cyber risk management platform for all attack surfaces, today announced the launch of the new Vulcan Cyber Attack Path Graph. Vulcan Cyber Attack Path Graph helps cybersecurity…
🕴 Mission Secure, Idaho National Laboratory Announce Partnership to Protect Critical Infrastructure 🕴
via "Dark Reading".
CHARLOTTESVILLE, Va., Aug. 3, 2023 /PRNewswire/ -- Mission Secure announced today that it has partnered with Idaho National Laboratory, a U.S. Department of Energy national laboratory, to expand the adoption of the Consequence-Driven, Cyber-Informed Engineering…
🕴 Qualys Announces First-Party Software Risk Management Solution 🕴
via "Dark Reading".
FOSTER CITY, Calif., Aug. 3, 2023 /PRNewswire/ -- Qualys, Inc. (NASDAQ: QLYS), a provider of disruptive cloud-based IT, security and compliance solutions, today announced it is opening up its risk management platform to AppSec teams to bring their own detections…
‼ CVE-2023-3749 ‼
via "National Vulnerability Database".
A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation.
‼ CVE-2023-39121 ‼
via "National Vulnerability Database".
emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php.
‼ CVE-2023-33666 ‼
via "National Vulnerability Database".
ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.
‼ CVE-2023-4002 ‼
via "National Vulnerability Database".
An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for EE-licensed users to link any security policy project by its ID to projects or groups the user has access to, potentially revealing the security project's configured security policies.
‼ CVE-2023-38941 ‼
via "National Vulnerability Database".
django-sspanel v2022.2.2 was discovered to contain a remote command execution (RCE) vulnerability via the component sspanel/admin_view.py -> GoodsCreateView._post.
‼ CVE-2023-36137 ‼
via "National Vulnerability Database".
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0.
‼ CVE-2023-36133 ‼
via "National Vulnerability Database".
PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change.
‼ CVE-2023-38991 ‼
via "National Vulnerability Database".
An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator.
‼ CVE-2023-4142 ‼
via "National Vulnerability Database".
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files. Please note that this means remote code execution is still possible for site administrators; use the plugin with caution.
‼ CVE-2023-36135 ‼
via "National Vulnerability Database".
User enumeration is found in PHPJabbers Class Scheduling System v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
‼ CVE-2023-0525 ‼
via "National Vulnerability Database".
Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords, in the case of transferring data with GT Designer3 Version1(GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 series with the Data Transfer Security function enabled.