βΌ CVE-2020-20813 βΌ
π Read
via "National Vulnerability Database".
Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via crafted reset packet.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38666 βΌ
π Read
via "National Vulnerability Database".
Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4encrypt.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39599 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45611 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated privileges via via capture of user login information.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21687 βΌ
π Read
via "National Vulnerability Database".
Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24514 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) vulnerability in Visual Console Module of Pandora FMS could be used to hijack admin users session cookie values, carry out phishing attacks, etc. This issue affects Pandora FMS v767 version and prior versions on all platforms.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25887 βΌ
π Read
via "National Vulnerability Database".
Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37424 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the web-based management interfaceΓ of EdgeConnect SD-WAN Orchestrator could allow anΓ unauthenticated remote attacker to run arbitrary commands onΓ the underlying host if certain preconditions outside of theΓ attacker's control are met. Successful exploitation of thisΓ vulnerability could allow an attacker to execute arbitraryΓ commands on the underlying operating system leading toΓ complete system compromise.π Read
via "National Vulnerability Database".
π΄ Controversial Cybercrime Law Passes in Jordan π΄
π Read
via "Dark Reading".
The increase in cyberattacks against the Middle East in the last few years has pressured Jordan and other nations to better secure their infrastructures.π Read
via "Dark Reading".
Dark Reading
Controversial Cybercrime Law Passes in Jordan
The increase in cyberattacks against the Middle East in the last few years has pressured Jordan and other nations to better secure their infrastructures.
π΄ Adobe Patches Critical Deserialization Vulnerability, but Exploits Persist π΄
π Read
via "Dark Reading".
The vulnerability was being exploited in the wild, targeting two versions of Adobe ColdFusion. π Read
via "Dark Reading".
Dark Reading
Adobe Patches Critical Deserialization Vulnerability, but Exploits Persist
The vulnerability was being exploited in the wild, targeting two versions of Adobe ColdFusion.
π΄ Forescout Joins MISA and Announces Integration With Microsoft Sentinel π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Forescout Joins MISA and Announces Integration With Microsoft Sentinel
San Jose, CA. August 22, 2023 β Forescout, a global cybersecurity leader, today announced integrations with Microsoft Sentinel as part of a broader initiative to support the Microsoft Security portfolio. These integrations will deliver real-time visibilityβ¦
π΄ Absolute Dental Services Notifies Patients of Data Security Incident π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Absolute Dental Services Notifies Patients of Data Security Incident
DURHAM, N.C., Aug. 22, 2023 /PRNewswire/ -- Absolute Dental Services ("ADS") is a dental laboratory which experienced a data security incident that may have impacted personal or protected health information belonging to certain individuals who received dentalβ¦
π΄ Grip Security Raising $41M Series B Led by Third Point Ventures π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Grip Security Raising $41M Series B Led by Third Point Ventures
BOSTON β (BUSINESS WIRE) β Grip Security, a leader in SaaS identity risk management, today announced it is raising $41 million in Series B funding led by Third Point Ventures, with participation from YL Ventures, Intel Capital, and The Syndicate Group. Theβ¦
π¦Ώ Generative AI: Cybersecurity Weapon, But Not Without Adaptable, Creative (Human) Thinkers π¦Ώ
π Read
via "Tech Republic".
Cybersecurity expert Kayne McGladrey speaks about why AI cannot do what creative people can, and the important role of generative AI in SOCs.π Read
via "Tech Republic".
TechRepublic
Generative AI: Cybersecurity Weapon, But Not Without Adaptable, Creative (Human) Thinkers
Cybersecurity expert Kayne McGladrey speaks about why AI cannot do what creative people can, and the important role of generative AI in SOCs.
π΄ Study: More Than Half of Browser Extensions Pose Security Risks π΄
π Read
via "Dark Reading".
Spin.AI's risk assessment of some 300,000 browser extensions had overly permissive access and could execute potentially malicious behaviors.π Read
via "Dark Reading".
Dark Reading
More Than Half of Browser Extensions Pose Security Risks
Spin.AI's risk assessment of some 300,000 browser extensions found 51% had overly permissive access and could execute potentially malicious behaviors.
βΌ CVE-2023-33850 βΌ
π Read
via "National Vulnerability Database".
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 257132.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-38734 βΌ
π Read
via "National Vulnerability Database".
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38733 βΌ
π Read
via "National Vulnerability Database".
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force Id: 262293.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40370 βΌ
π Read
via "National Vulnerability Database".
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24113 βΌ
π Read
via "National Vulnerability Database".
Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85, allows attackers to gain sensitive information and cause a denial of service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2023-39026 βΌ
π Read
via "National Vulnerability Database".
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.π Read
via "National Vulnerability Database".