βΌ CVE-2023-39553 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server.This issue affects Apache Airflow Drill Provider: before 2.4.3.It is recommended to upgrade to a version that is not affected.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3823 βΌ
π Read
via "National Vulnerability Database".
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such asΓ ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down.Γ π Read
via "National Vulnerability Database".
βΌ CVE-2023-40253 βΌ
π Read
via "National Vulnerability Database".
Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Functionality Misuse.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4105 βΌ
π Read
via "National Vulnerability Database".
Mattermost fails to delete the attachments when deleting a message in a thread allowing a simple user to still be able to access and download the attachment of a deleted messageπ Read
via "National Vulnerability Database".
βΌ CVE-2023-3824 βΌ
π Read
via "National Vulnerability Database".
In PHP version 8.0.* before 8.0.30,Γ 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.Γ π Read
via "National Vulnerability Database".
βΌ CVE-2023-40256 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed untrusted clients to interact with the RabbitMQ service. This was caused by improper validation of the client certificate due to misconfiguration of the RabbitMQ service. Exploiting this impacts the confidentiality and integrity of messages controlling the backup and restore jobs, and could result in the service becoming unavailable. This impacts only the jobs controlling the backup and restore activities, and does not allow access to (or deletion of) the backup snapshot data itself. This vulnerability is confined to the NetBackup Snapshot Manager feature and does not impact the RabbitMQ instance on the NetBackup primary servers.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40260 βΌ
π Read
via "National Vulnerability Database".
EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email address (which may be attacker-controlled). NOTE: this is different from CVE-2023-4177, which claims to be about "some unknown processing of the component Multi-Factor Authentication Code Handler" and thus cannot be correlated with other vulnerability information.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-4106 βΌ
π Read
via "National Vulnerability Database".
Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting a guest being able toΓ view, join, edit, export and archive public playbooks.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40267 βΌ
π Read
via "National Vulnerability Database".
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.π Read
via "National Vulnerability Database".
π1
π΄ Mobb Wins Black Hat Startup Spotlight Competition π΄
π Read
via "Dark Reading".
The four finalists in the startup competition tackled problems in firmware security, cloud infrastructure, open source software, and vulnerability remediation.π Read
via "Dark Reading".
Dark Reading
Mobb Wins Black Hat Startup Spotlight Competition
The four finalists tackled firmware security, cloud infrastructure, open source software, and vulnerability remediation.
βΌ CVE-2023-39417 βΌ
π Read
via "National Vulnerability Database".
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-3864 βΌ
π Read
via "National Vulnerability Database".
Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3403 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** Duplicate, please use CVE-2023-28931 instead.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3937 βΌ
π Read
via "National Vulnerability Database".
Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browserπ Read
via "National Vulnerability Database".
βΌ CVE-2023-39418 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.π Read
via "National Vulnerability Database".
π΄ What CISA and NSA Guidance Means for Critical Infrastructure Security π΄
π Read
via "Dark Reading".
Strategically investing in solutions that meet you where you are makes all the difference in staying secure from cyber threats.π Read
via "Dark Reading".
Dark Reading
What CISA and NSA Guidance Means for Critical Infrastructure Security
Strategically investing in solutions that meet you where you are makes all the difference in staying secure from cyber threats.
π¦Ώ iOS 17 cheat sheet: Release date, supported devices and more π¦Ώ
π Read
via "Tech Republic".
iOS 17 has been announced, and it's Appleβs best version of iOS. Learn everything you need to know about iOS 17's features, release date and how to get it.π Read
via "Tech Republic".
TechRepublic
iOS 17 Cheat Sheet: Release Date, Supported Devices and More
When is iOS 17 coming out, and what is the list of supported devices? Find out everything you need to know with our iOS 17 cheat sheet.
βΌ CVE-2020-24872 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35990 βΌ
π Read
via "National Vulnerability Database".
Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) via crafted .pdf file.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28717 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows attackers to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28427 βΌ
π Read
via "National Vulnerability Database".
Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file.π Read
via "National Vulnerability Database".