βΌ CVE-2023-40260 βΌ
π Read
via "National Vulnerability Database".
EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email address (which may be attacker-controlled). NOTE: this is different from CVE-2023-4177, which claims to be about "some unknown processing of the component Multi-Factor Authentication Code Handler" and thus cannot be correlated with other vulnerability information.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-4106 βΌ
π Read
via "National Vulnerability Database".
Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting a guest being able toΓ view, join, edit, export and archive public playbooks.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40267 βΌ
π Read
via "National Vulnerability Database".
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.π Read
via "National Vulnerability Database".
π1
π΄ Mobb Wins Black Hat Startup Spotlight Competition π΄
π Read
via "Dark Reading".
The four finalists in the startup competition tackled problems in firmware security, cloud infrastructure, open source software, and vulnerability remediation.π Read
via "Dark Reading".
Dark Reading
Mobb Wins Black Hat Startup Spotlight Competition
The four finalists tackled firmware security, cloud infrastructure, open source software, and vulnerability remediation.
βΌ CVE-2023-39417 βΌ
π Read
via "National Vulnerability Database".
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-3864 βΌ
π Read
via "National Vulnerability Database".
Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3403 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** Duplicate, please use CVE-2023-28931 instead.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3937 βΌ
π Read
via "National Vulnerability Database".
Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browserπ Read
via "National Vulnerability Database".
βΌ CVE-2023-39418 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.π Read
via "National Vulnerability Database".
π΄ What CISA and NSA Guidance Means for Critical Infrastructure Security π΄
π Read
via "Dark Reading".
Strategically investing in solutions that meet you where you are makes all the difference in staying secure from cyber threats.π Read
via "Dark Reading".
Dark Reading
What CISA and NSA Guidance Means for Critical Infrastructure Security
Strategically investing in solutions that meet you where you are makes all the difference in staying secure from cyber threats.
π¦Ώ iOS 17 cheat sheet: Release date, supported devices and more π¦Ώ
π Read
via "Tech Republic".
iOS 17 has been announced, and it's Appleβs best version of iOS. Learn everything you need to know about iOS 17's features, release date and how to get it.π Read
via "Tech Republic".
TechRepublic
iOS 17 Cheat Sheet: Release Date, Supported Devices and More
When is iOS 17 coming out, and what is the list of supported devices? Find out everything you need to know with our iOS 17 cheat sheet.
βΌ CVE-2020-24872 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35990 βΌ
π Read
via "National Vulnerability Database".
Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) via crafted .pdf file.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28717 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows attackers to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28427 βΌ
π Read
via "National Vulnerability Database".
Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35139 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in OFPBundleCtrlMsg in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).π Read
via "National Vulnerability Database".
βΌ CVE-2021-27523 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in open-falcon dashboard version 0.2.0, allows remote attackers to gain, modify, and delete sensitive information via crafted POST request to register interface.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39948 βΌ
π Read
via "National Vulnerability Database".
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the `BadParamException` thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 contain a patch for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24221 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in GetByte function in miniupnp ngiflib version 0.4, allows local attackers to cause a denial of service (DoS) via crafted .gif file (infinite loop).π Read
via "National Vulnerability Database".
βΌ CVE-2020-36136 βΌ
π Read
via "National Vulnerability Database".
SQL Injection vulnerability in cskaza cszcms version 1.2.9, allows attackers to gain sensitive information via pm_sendmail parameter in csz_model.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39949 βΌ
π Read
via "National Vulnerability Database".
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions 2.9.1 and 2.6.5 contain a patch for this issue.π Read
via "National Vulnerability Database".