‼ CVE-2023-39008 ‼
via "National Vulnerability Database".
A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense before 23.7 allows attackers to execute arbitrary system commands.
‼ CVE-2022-48589 ‼
via "National Vulnerability Database".
A SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
‼ CVE-2023-39002 ‼
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense before 23.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
‼ CVE-2022-48593 ‼
via "National Vulnerability Database".
A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
‼ CVE-2022-48595 ‼
via "National Vulnerability Database".
A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
‼ CVE-2022-48591 ‼
via "National Vulnerability Database".
A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
‼ CVE-2022-48580 ‼
via "National Vulnerability Database".
A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
‼ CVE-2022-48598 ‼
via "National Vulnerability Database".
A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
‼ CVE-2023-38999 ‼
via "National Vulnerability Database".
A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense before 23.7 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
‼ CVE-2023-39004 ‼
via "National Vulnerability Database".
Insecure permissions in the configuration directory (/conf/) of OPNsense before 23.7 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.
‼ CVE-2022-48599 ‼
via "National Vulnerability Database".
A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
‼ CVE-2022-48592 ‼
via "National Vulnerability Database".
A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
‼ CVE-2023-39007 ‼
via "National Vulnerability Database".
/ui/cron/item/open in the Cron component of OPNsense before 23.7 allows XSS.
‼ CVE-2023-38998 ‼
via "National Vulnerability Database".
An open redirect in the Login page of OPNsense before 23.7 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL.
🕴 It's Time for Cybersecurity to Talk About Climate Change 🕴
via "Dark Reading".
From e-waste to conference swag to addressing data center energy consumption, cybersecurity stakeholders need a whole-industry approach to being part of the solution and reducing the risk of climate change.
🕴 New LLM Tool Seeks and Remediates Vulnerabilities 🕴
via "Dark Reading".
At Black Hat USA 2023, Vicarius launched vuln_GPT, which it says will generate and execute scripts to ameliorate flaws such as the TETRA backdoor.
🕴 Researchers Detail Vuln That Allowed for Windows Defender Update Process Hijack 🕴
via "Dark Reading".
Windows Defender-Pretender Attack Dismantles Flagship Microsoft EDR
A newly patched flaw in Windows Defender allows attackers to hijack the signature-update process to sneak in malware, delete benign files, and inflict mayhem on target systems.
🕴 Black Hat Opens With Call to Steer AI from Predictions to Policy 🕴
via "Dark Reading".
Without cybersecurity guardrails now, AI will be harder to harness in the future.
🕴 Blockchain Signing Bug Cracks Open Crypto Investors' Wallets Worldwide 🕴
via "Dark Reading".
Bugs in popular digital signature schemes designed to protect crypto investors allow attackers to steal private keys and gain full access to digital wallets.
🕴 Symmetry Systems Closes $17.7M To Scale its AI-Powered Data Security Platform 🕴
via "Dark Reading".
SAN JOSE, Calif., Aug. 9, 2023 /PRNewswire/ -- Symmetry Systems, a next generation AI-powered data-centric security company, today announced an $17.7 million inside round of funding with repeat participation from ForgePoint Capital and Prefix Capital and…
🕴 Sweet Security Lands $12M in Seed Funding to Shift Cloud Security Right 🕴
via "Dark Reading".
TEL AVIV, Israel, Aug. 9, 2023 /PRNewswire/ -- Sweet Security today announced $12 million in seed funding and the launch of its Cloud Runtime Security Suite. The round was led by Glilot Capital Partners with participation from CyberArk Ventures and angel…