βΌ CVE-2023-40253 βΌ
π Read
via "National Vulnerability Database".
Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Functionality Misuse.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4105 βΌ
π Read
via "National Vulnerability Database".
Mattermost fails to delete the attachments when deleting a message in a thread allowing a simple user to still be able to access and download the attachment of a deleted messageπ Read
via "National Vulnerability Database".
βΌ CVE-2023-3824 βΌ
π Read
via "National Vulnerability Database".
In PHP version 8.0.* before 8.0.30,Γ 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.Γ π Read
via "National Vulnerability Database".
βΌ CVE-2023-40256 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed untrusted clients to interact with the RabbitMQ service. This was caused by improper validation of the client certificate due to misconfiguration of the RabbitMQ service. Exploiting this impacts the confidentiality and integrity of messages controlling the backup and restore jobs, and could result in the service becoming unavailable. This impacts only the jobs controlling the backup and restore activities, and does not allow access to (or deletion of) the backup snapshot data itself. This vulnerability is confined to the NetBackup Snapshot Manager feature and does not impact the RabbitMQ instance on the NetBackup primary servers.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40260 βΌ
π Read
via "National Vulnerability Database".
EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email address (which may be attacker-controlled). NOTE: this is different from CVE-2023-4177, which claims to be about "some unknown processing of the component Multi-Factor Authentication Code Handler" and thus cannot be correlated with other vulnerability information.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-4106 βΌ
π Read
via "National Vulnerability Database".
Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting a guest being able toΓ view, join, edit, export and archive public playbooks.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40267 βΌ
π Read
via "National Vulnerability Database".
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.π Read
via "National Vulnerability Database".
π1
π΄ Mobb Wins Black Hat Startup Spotlight Competition π΄
π Read
via "Dark Reading".
The four finalists in the startup competition tackled problems in firmware security, cloud infrastructure, open source software, and vulnerability remediation.π Read
via "Dark Reading".
Dark Reading
Mobb Wins Black Hat Startup Spotlight Competition
The four finalists tackled firmware security, cloud infrastructure, open source software, and vulnerability remediation.
βΌ CVE-2023-39417 βΌ
π Read
via "National Vulnerability Database".
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-3864 βΌ
π Read
via "National Vulnerability Database".
Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3403 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** Duplicate, please use CVE-2023-28931 instead.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3937 βΌ
π Read
via "National Vulnerability Database".
Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browserπ Read
via "National Vulnerability Database".
βΌ CVE-2023-39418 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.π Read
via "National Vulnerability Database".
π΄ What CISA and NSA Guidance Means for Critical Infrastructure Security π΄
π Read
via "Dark Reading".
Strategically investing in solutions that meet you where you are makes all the difference in staying secure from cyber threats.π Read
via "Dark Reading".
Dark Reading
What CISA and NSA Guidance Means for Critical Infrastructure Security
Strategically investing in solutions that meet you where you are makes all the difference in staying secure from cyber threats.
π¦Ώ iOS 17 cheat sheet: Release date, supported devices and more π¦Ώ
π Read
via "Tech Republic".
iOS 17 has been announced, and it's Appleβs best version of iOS. Learn everything you need to know about iOS 17's features, release date and how to get it.π Read
via "Tech Republic".
TechRepublic
iOS 17 Cheat Sheet: Release Date, Supported Devices and More
When is iOS 17 coming out, and what is the list of supported devices? Find out everything you need to know with our iOS 17 cheat sheet.
βΌ CVE-2020-24872 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35990 βΌ
π Read
via "National Vulnerability Database".
Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) via crafted .pdf file.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28717 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows attackers to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28427 βΌ
π Read
via "National Vulnerability Database".
Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35139 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in OFPBundleCtrlMsg in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).π Read
via "National Vulnerability Database".
βΌ CVE-2021-27523 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in open-falcon dashboard version 0.2.0, allows remote attackers to gain, modify, and delete sensitive information via crafted POST request to register interface.π Read
via "National Vulnerability Database".