‼ CVE-2023-37625 ‼
📖 Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in Netbox v3.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Link templates.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39806 ‼
📖 Read
via "National Vulnerability Database".
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32564 ‼
📖 Read
via "National Vulnerability Database".
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39805 ‼
📖 Read
via "National Vulnerability Database".
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40014 ‼
📖 Read
via "National Vulnerability Database".
OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using `ERC2771Context` along with a custom trusted forwarder may see `_msgSender` return `address(0)` in calls that originate from the forwarder with calldata shorter than 20 bytes. This combination of circumstances does not appear to be common, in particular it is not the case for `MinimalForwarder` from OpenZeppelin Contracts, or any deployed forwarder the team is aware of, given that the signer address is appended to all calls that originate from these forwarders. The problem has been patched in v4.9.3.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40224 ‼
📖 Read
via "National Vulnerability Database".
MISP 2.4174 allows XSS in app/View/Events/index.ctp.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32563 ‼
📖 Read
via "National Vulnerability Database".
An unauthenticated attacker could achieve the code execution through a RemoteControl server.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-28129 ‼
📖 Read
via "National Vulnerability Database".
Desktop & Server Management (DSM) may have a possible execution of arbitrary commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32565 ‼
📖 Read
via "National Vulnerability Database".
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.📖 Read
via "National Vulnerability Database".
🕴 CISA: 'Whirlpool' Backdoor Sends Barracuda ESG Security Down the Drain 🕴
📖 Read
via "Dark Reading".
Researchers have observed China's UNC4841 dropping the backdoor on Barracuda's email security appliances, in a spiraling cyber-espionage campaign.📖 Read
via "Dark Reading".
Dark Reading
CISA: 'Whirlpool' Backdoor Sends Barracuda ESG Security Down the Drain
The backdoor is one of several that researchers have observed China's UNC4841 dropping on Barracuda's email security appliances, in a spiraling cyber-espionage campaign that has affected organizations in 16 countries so far.
🕴 Rhysida Ransomware Trains Its Sights on Healthcare Operations 🕴
📖 Read
via "Dark Reading".
The new group has already made an impact in multiple countries and industries, including a multistate hospital chain in the US.📖 Read
via "Dark Reading".
Dark Reading
Rhysida Ransomware Trains Its Sights on Healthcare Operations
The new group has already made an impact in multiple countries and industries, including a multistate hospital chain in the US.
🕴 NSA: Codebreaker Challenge Helps Drive Cybersecurity Education 🕴
📖 Read
via "Dark Reading".
The US National Security Agency aims to attract students to cybersecurity in general and its own open positions in particular: 3,000 new jobs this year.📖 Read
via "Dark Reading".
Dark Reading
NSA: Codebreaker Challenge Helps Drive Cybersecurity Education
The US National Security Agency aims to attract students to cybersecurity in general and its own open positions in particular: 3,000 new jobs this year.
🕴 What's in New York's 'First Ever' Cyber Strategy? 🕴
📖 Read
via "Dark Reading".
Governor Kathy Hochul has made cybersecurity a key priority, with New York's first chief cyber officer, Colin Ahern, leading the effort.📖 Read
via "Dark Reading".
Dark Reading
What's in New York's 'First-Ever' Cyber Strategy?
Governor Kathy Hochul has made cybersecurity a key priority, with New York's first chief cyber officer, Colin Ahern, leading the effort.
🕴 Microsoft Expands Cloud Security Posture Management to Google Cloud 🕴
📖 Read
via "Dark Reading".
Microsoft Defender for Cloud CSPM, which provides risk and compliance monitoring of AWS, Azure, and on-premises cloud, is finally adding GCP to the mix.📖 Read
via "Dark Reading".
Dark Reading
Microsoft Expands Cloud Security Posture Management to Google Cloud
Microsoft Defender for Cloud CSPM, which provides risk and compliance monitoring of AWS, Azure, and on-premises cloud, is finally adding GCP to the mix.
‼ CVE-2022-38083 ‼
📖 Read
via "National Vulnerability Database".
Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27635 ‼
📖 Read
via "National Vulnerability Database".
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-28385 ‼
📖 Read
via "National Vulnerability Database".
Improper authorization in the Intel(R) NUC Pro Software Suite for Windows before version 2.0.0.9 may allow a privileged user to potentially enable escalation of privilage via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36351 ‼
📖 Read
via "National Vulnerability Database".
Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34427 ‼
📖 Read
via "National Vulnerability Database".
Protection mechanism failure in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22338 ‼
📖 Read
via "National Vulnerability Database".
Out-of-bounds read in some Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable information disclosure via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-28711 ‼
📖 Read
via "National Vulnerability Database".
Insufficient control flow management in the Hyperscan Library maintained by Intel(R) before version 5.4.1 may allow an authenticated user to potentially enable denial of service via local access.📖 Read
via "National Vulnerability Database".