‼ CVE-2023-39094 ‼
Cross Site Scripting vulnerability in ZeroWdd studentmanager v.1.0 allows a remote attacker to execute arbitrary code via the username parameter in the student list function.
via "National Vulnerability Database".
‼ CVE-2023-32002 ‼
The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.
via "National Vulnerability Database".
‼ CVE-2023-3604 ‼
The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered.
via "National Vulnerability Database".
‼ CVE-2023-4456 ‼
A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.
via "National Vulnerability Database".
‼ CVE-2023-38035 ‼
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
via "National Vulnerability Database".
🕴 Energy One Investigates Cyberattack 🕴
Energy One is trying to determine the initial point of entry and whether personal information has been compromised.
via "Dark Reading".
🕴 Fed Warning: US Space Industry Subject to Foreign Spying, Disruptions 🕴
The space industry must improve security as foreign intelligence entities seek to steal trade secrets and disrupt space-based infrastructure, US agencies caution.
via "Dark Reading".
🕴 Tesla Data Breach Investigation Reveals Inside Job 🕴
The carmaker also reported it's taken legal action against the former employees involved in the data breach, which involved more than 75,000 names.
via "Dark Reading".
‼ CVE-2023-4373 ‼
Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature.
via "National Vulnerability Database".
‼ CVE-2023-4459 ‼
A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup.
via "National Vulnerability Database".
‼ CVE-2023-40352 ‼
McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs.
via "National Vulnerability Database".
‼ CVE-2023-4417 ‼
Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process.
via "National Vulnerability Database".
🦿 Akamai Report: LockBit, Cl0P Expand Ransomware Efforts 🦿
Phishing is so last year: Akamai's report finds that zero-day and one-day vulnerabilities caused a 143% increase in total ransomware victims.
via "Tech Republic".
‼ CVE-2023-25915 ‼
Due to improper input validation, a remote attacker could execute arbitrary commands on the target system.
via "National Vulnerability Database".
‼ CVE-2023-38158 ‼
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
via "National Vulnerability Database".
‼ CVE-2023-36787 ‼
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
via "National Vulnerability Database".
‼ CVE-2023-25914 ‼
Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface.
via "National Vulnerability Database".
‼ CVE-2023-25913 ‼
Because of an authentication flaw, an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information.
via "National Vulnerability Database".
‼ CVE-2023-4302 ‼
A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
via "National Vulnerability Database".
🕴 Ivanti Issues Fix for Critical Vuln in Its Sentry Gateway Technology 🕴
Security vendor will not say if attackers are already actively exploiting the flaw, as some reports have claimed.
via "Dark Reading".
‼ CVE-2023-38906 ‼
An issue in TP-Link Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message.
via "National Vulnerability Database".