βΌ CVE-2023-39743 βΌ
π Read
via "National Vulnerability Database".
lrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3_decode_block src/libbz3.c.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37914 βΌ
π Read
via "National Vulnerability Database".
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view `Invitation.WebHome` can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This vulnerability has been patched on XWiki 14.4.8, 15.2-rc-1, and 14.10.6. Users are advised to upgrade. Users unable to upgrade may manually apply the patch on `Invitation.InvitationCommon` and `Invitation.InvitationConfig`, but there are otherwise no known workarounds for this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38843 βΌ
π Read
via "National Vulnerability Database".
An issue in Atlos v.1.0 allows an authenticated attacker to execute arbitrary code via a crafted payload into the description field in the incident function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38905 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39741 βΌ
π Read
via "National Vulnerability Database".
lrzip v0.651 was discovered to contain a heap overflow via the libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40313 βΌ
π Read
via "National Vulnerability Database".
A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26469 βΌ
π Read
via "National Vulnerability Database".
In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.π Read
via "National Vulnerability Database".
π΄ ISC2 Announces Milestone As Community Grows to Half a Million π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
ISC2 Announces Milestone as Community Grows to Half a Million
ALEXANDRIA, Va., Aug. 17, 2023 /PRNewswire/ -- The world's leading nonprofit member organization for cybersecurity professionals, formerly known as (ISC)Β², has today announced that it is now ISC2 to reflect its growing global membership and expanded roleβ¦
π΄ Normalyze: How Focusing On Data Can Improve Cloud Security π΄
π Read
via "Dark Reading".
In this Dark Reading News Desk segment, Normalyzeβs Ravi Ithal discusses cloud security and data security posture management (DPSM).π Read
via "Dark Reading".
Darkreading
Normalyze: How Focusing on Data Can Improve Cloud Security
In this Dark Reading News Desk segment, Normalyzeβs Ravi Ithal discusses cloud security and data security posture management (DSPM).
π΄ TXOne: How to Improve Your Operational Technology Security Posture π΄
π Read
via "Dark Reading".
In this Dark Reading News Desk segment, Terence Liu of TXOne Networks discusses operational technology and industrial cybersecurity.π Read
via "Dark Reading".
Darkreading
TXOne: How to Improve Your Operational Technology Security Posture
In this Dark Reading News Desk segment, Terence Liu of TXOne Networks discusses operational technology and industrial cybersecurity.
π΄ Foretrace Announces Launch of "Tim," Generative AI Analyst for Assessing and Responding to Data Leaks π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Foretrace Announces Launch of "Tim," Generative AI Analyst for Assessing and Responding to Data Leaks
COLUMBIA, Md,, Aug. 17, 2023 /PRNewswire-PRWeb/ -- Foretrace, the leader in data leak and exposure management, today announced the release of "Tim," a generative AI analyst that will provide real-time recommendations and guidance to assist in the investigationβ¦
π΄ Sophos: βRoyalβ Is Trying to Make Itself the King of Ransomware π΄
π Read
via "Dark Reading".
In this Dark Reading News Desk segment, John Shier, Field CTO Commercial, Sophos, discusses the "Royal" ransomware.π Read
via "Dark Reading".
Darkreading
Sophos: βRoyalβ Is Trying to Make Itself the King of Ransomware
In this Dark Reading News Desk segment, John Shier, Field CTO Commercial, Sophos, discusses the "Royal" ransomware.
βΌ CVE-2023-31939 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the costomer_id parameter at customer_edit.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31938 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_detail.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39972 βΌ
π Read
via "National Vulnerability Database".
Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized users to create new mailing lists.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39970 βΌ
π Read
via "National Vulnerability Database".
Unrestricted Upload of File with Dangerous Type vulnerability in AcyMailing component for Joomla. It allows remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36845 βΌ
π Read
via "National Vulnerability Database".
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain, important environments variables.Utilizing a crafted request an attacker is able to modify a certain PHP environment variable leading to partial loss of integrity, which may allow chaining to other vulnerabilities.This issue affects Juniper Networks Junos OS on SRX Series: * All versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39973 βΌ
π Read
via "National Vulnerability Database".
Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows the unauthorized removal of attachments from campaigns.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36847 βΌ
π Read
via "National Vulnerability Database".
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.With a specific request that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrityfor a certain part of the file system, which may allow chaining to other vulnerabilities.This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31943 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the ticket_id parameter at ticket_detail.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31941 βΌ
π Read
via "National Vulnerability Database".
File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the employee_insert.php.π Read
via "National Vulnerability Database".