CVE-2023-38702
Knowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the endpoint `/knowage/restful-services/dossier/importTemplateFile` allows authenticated users to upload a template file to the server, but does not require any authorization to be reached. Once a JSP file is uploaded, the attacker only needs to request `/knowageqbeengine/foo.jsp` to gain code execution on the server. By exploiting this vulnerability, an attacker with low privileges can upload a JSP file to the `knowageqbeengine` directory and gain code execution on the server. This issue has been patched in Knowage version 8.1.8.
via "National Vulnerability Database".
CVE-2023-0264
A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.
via "National Vulnerability Database".
CVE-2023-38697
protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defines the format of the chunk size, chunk data and chunk extension. The value of the Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits separated from the chunk data by CRLF, and the chunk extension should not contain any invisible character. However, Falcon has the following behaviors that disobey the corresponding RFCs: accepting Content-Length header values with a `+` prefix, accepting Content-Length header values written in hexadecimal with a `0x` prefix, accepting `0x`- and `+`-prefixed chunk sizes, and accepting LF in chunk extensions. This behavior can lead to desync when forwarding through multiple HTTP parsers, potentially resulting in HTTP request smuggling and firewall bypassing. This issue is fixed in `protocol-http1` v0.15.1. There are no known workarounds.
via "National Vulnerability Database".
CVE-2023-4158
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.3.
via "National Vulnerability Database".
Endor Labs Raises $70M to Reform Application Security and Eliminate Developer Productivity Tax
Endor Labs, creator of the Code and Pipeline Governance Platform, today announced $70 million in oversubscribed Series A financing from Lightspeed Venture Partners (LSVP), Coatue, Dell Technologies Capital, Section 32, and over 30 industry-leading CEOs, CISOs…
via "Dark Reading".
Salesforce Zero-Day Exploited to Phish Facebook Credentials
The cyberattacks used the legitimate Salesforce.com domain by chaining the vulnerability to an abuse of Facebook's Web games platform, slipping past email protections.
via "Dark Reading".
CVE-2020-26065
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system.
via "National Vulnerability Database".
CVE-2022-4955
Inappropriate implementation in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
via "National Vulnerability Database".
CVE-2020-26064
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application.
via "National Vulnerability Database".
CVE-2023-38696
** REJECT ** This CVE has been rejected because it is unclear whether the issue rests in the original repository `microsoft/ContosoAir`, the forked repository `Apetree100122/ContosoAir`, or both. If the Microsoft repository is vulnerable, [Microsoft](https://www.cve.org/PartnerInformation/ListofPartners/partner/microsoft) is the appropriate CVE Numbering Authority.
via "National Vulnerability Database".
CVE-2020-26082
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted zip-compressed file to an affected device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.
via "National Vulnerability Database".
CVE-2023-39344
social-media-skeleton is an uncompleted social media project. A SQL injection vulnerability in the project allows UNION based injections, which indirectly leads to remote code execution. Commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1 contains a fix for this issue.
via "National Vulnerability Database".
CVE-2023-39346
LinuxASMCallGraph is software for drawing the call graph of programming code. LinuxASMCallGraph before commit 20dba06bd1a3cf260612d4f21547c25002121cd5 allows attackers to cause remote code execution on the server side via uploading a crafted ZIP file, due to incorrect filtering rules for uploaded files. The problem has been patched in commit 20dba06bd1a3cf260612d4f21547c25002121cd5. There are no known workarounds.
via "National Vulnerability Database".
UK's NCSC Publishes New Shadow IT Guidance
Discover the new shadow IT guidance published by the U.K.'s NCSC. Use this guide to better identify and reduce the levels of shadow IT within your organization.
via "Tech Republic".
CVE-2023-39508
Execution with Unnecessary Privileges and Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context and bypassing the limits on the access the user has to certain DAGs. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow before 2.6.0.
via "National Vulnerability Database".
CVE-2023-4170
A vulnerability was found in DedeBIZ 6.2.10. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Article Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-236186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
via "National Vulnerability Database".
CVE-2023-4169
A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
via "National Vulnerability Database".
CVE-2023-4187
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
via "National Vulnerability Database".
CVE-2023-4168
A vulnerability was found in Templatecookie Adlisting 2.14.0. It has been classified as problematic. Affected is an unknown function of the file /ad-list of the component Redirect Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
via "National Vulnerability Database".
CVE-2023-36678
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-buy WP Content Copy Protection & No Right Click plugin <= 3.5.5 versions.
via "National Vulnerability Database".