🕴 Dell Credentials Bug Opens VMWare Environments to Takeover 🕴
📖 Read
via "Dark Reading".
Decoding private keys from even one Dell customer could give attackers control over VMWare environments across all organizations running the same programs.📖 Read
via "Dark Reading".
Dark Reading
Dell Credentials Bug Opens VMware Environments to Takeover
Decoding private keys from even one Dell customer could give attackers control over VMware environments across all organizations running the same programs.
‼ CVE-2023-38333 ‼
📖 Read
via "National Vulnerability Database".
Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32561 ‼
📖 Read
via "National Vulnerability Database".
A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32562 ‼
📖 Read
via "National Vulnerability Database".
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32560 ‼
📖 Read
via "National Vulnerability Database".
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution.Thanks to a Researcher at Tenable for finding and reporting.Fixed in version 6.4.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40225 ‼
📖 Read
via "National Vulnerability Database".
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37625 ‼
📖 Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in Netbox v3.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Link templates.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39806 ‼
📖 Read
via "National Vulnerability Database".
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32564 ‼
📖 Read
via "National Vulnerability Database".
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39805 ‼
📖 Read
via "National Vulnerability Database".
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40014 ‼
📖 Read
via "National Vulnerability Database".
OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using `ERC2771Context` along with a custom trusted forwarder may see `_msgSender` return `address(0)` in calls that originate from the forwarder with calldata shorter than 20 bytes. This combination of circumstances does not appear to be common, in particular it is not the case for `MinimalForwarder` from OpenZeppelin Contracts, or any deployed forwarder the team is aware of, given that the signer address is appended to all calls that originate from these forwarders. The problem has been patched in v4.9.3.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40224 ‼
📖 Read
via "National Vulnerability Database".
MISP 2.4174 allows XSS in app/View/Events/index.ctp.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32563 ‼
📖 Read
via "National Vulnerability Database".
An unauthenticated attacker could achieve the code execution through a RemoteControl server.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-28129 ‼
📖 Read
via "National Vulnerability Database".
Desktop & Server Management (DSM) may have a possible execution of arbitrary commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32565 ‼
📖 Read
via "National Vulnerability Database".
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.📖 Read
via "National Vulnerability Database".
🕴 CISA: 'Whirlpool' Backdoor Sends Barracuda ESG Security Down the Drain 🕴
📖 Read
via "Dark Reading".
Researchers have observed China's UNC4841 dropping the backdoor on Barracuda's email security appliances, in a spiraling cyber-espionage campaign.📖 Read
via "Dark Reading".
Dark Reading
CISA: 'Whirlpool' Backdoor Sends Barracuda ESG Security Down the Drain
The backdoor is one of several that researchers have observed China's UNC4841 dropping on Barracuda's email security appliances, in a spiraling cyber-espionage campaign that has affected organizations in 16 countries so far.
🕴 Rhysida Ransomware Trains Its Sights on Healthcare Operations 🕴
📖 Read
via "Dark Reading".
The new group has already made an impact in multiple countries and industries, including a multistate hospital chain in the US.📖 Read
via "Dark Reading".
Dark Reading
Rhysida Ransomware Trains Its Sights on Healthcare Operations
The new group has already made an impact in multiple countries and industries, including a multistate hospital chain in the US.
🕴 NSA: Codebreaker Challenge Helps Drive Cybersecurity Education 🕴
📖 Read
via "Dark Reading".
The US National Security Agency aims to attract students to cybersecurity in general and its own open positions in particular: 3,000 new jobs this year.📖 Read
via "Dark Reading".
Dark Reading
NSA: Codebreaker Challenge Helps Drive Cybersecurity Education
The US National Security Agency aims to attract students to cybersecurity in general and its own open positions in particular: 3,000 new jobs this year.
🕴 What's in New York's 'First Ever' Cyber Strategy? 🕴
📖 Read
via "Dark Reading".
Governor Kathy Hochul has made cybersecurity a key priority, with New York's first chief cyber officer, Colin Ahern, leading the effort.📖 Read
via "Dark Reading".
Dark Reading
What's in New York's 'First-Ever' Cyber Strategy?
Governor Kathy Hochul has made cybersecurity a key priority, with New York's first chief cyber officer, Colin Ahern, leading the effort.
🕴 Microsoft Expands Cloud Security Posture Management to Google Cloud 🕴
📖 Read
via "Dark Reading".
Microsoft Defender for Cloud CSPM, which provides risk and compliance monitoring of AWS, Azure, and on-premises cloud, is finally adding GCP to the mix.📖 Read
via "Dark Reading".
Dark Reading
Microsoft Expands Cloud Security Posture Management to Google Cloud
Microsoft Defender for Cloud CSPM, which provides risk and compliance monitoring of AWS, Azure, and on-premises cloud, is finally adding GCP to the mix.
‼ CVE-2022-38083 ‼
📖 Read
via "National Vulnerability Database".
Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.📖 Read
via "National Vulnerability Database".