🕴 BreachLock Intelligence Report Reveals Critical Insights From Thousands of Penetration Tests 🕴
📖 Read
via "Dark Reading".
📖 Read
via "Dark Reading".
Dark Reading
BreachLock Intelligence Report Reveals Critical Insights From Thousands of Penetration Tests
NEW YORK, Aug. 28, 2023 /PRNewswire/ -- BreachLock, the global leader in Penetration Testing Services, announces the release of its highly anticipated 2023 BreachLock Penetration Testing Intelligence Report.
🦿 OpenAI Debuts ChatGPT Enterprise, touting better privacy for business 🦿
📖 Read
via "Tech Republic".
Data from ChatGPT Enterprise will not be used to train the popular chatbot. Plus, admins can manage access.📖 Read
via "Tech Republic".
TechRepublic
OpenAI Debuts ChatGPT Enterprise, Touting Better Privacy for Business
Data from ChatGPT Enterprise will not be used to train the popular chatbot. Plus, admins can manage access.
‼ CVE-2023-38969 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the title parameter in the new book and edit book function.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39578 ‼
📖 Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39652 ‼
📖 Read
via "National Vulnerability Database".
theme volty tvcmsvideotab up to v4.0.0 was discovered to contain a SQL injection vulnerability via the component TvcmsVideoTabConfirmDeleteModuleFrontController::run().📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40170 ‼
📖 Read
via "National Vulnerability Database".
jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on `/files/` URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit `87a49272728` which has been included in release `2.7.2`. Users are advised to upgrade. Users unable to upgrade may use the lower performance `--ContentsManager.files_handler_class=jupyter_server.files.handlers.FilesHandler`, which implements the correct checks.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41109 ‼
📖 Read
via "National Vulnerability Database".
SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-35785 ‼
📖 Read
via "National Vulnerability Database".
Zoho ManageEngine ADManager Plus through 7186 is vulnerable to 2FA bypass.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39968 ‼
📖 Read
via "National Vulnerability Database".
jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URLs. This issue has been addressed in commit `29036259` which is included in release 2.7.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-24165 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39348 ‼
📖 Read
via "National Vulnerability Database".
Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log system, the risk is slightly higher than a "low" since token exposure could grant elevated access to repositories outside of control. If using READ restricted tokens, the exposure is such that the token itself could be used to access resources otherwise restricted from reads. This only affects users of GitHub Status Notifications. This issue has been addressed in pull request 1316. Users are advised to upgrade. Users unable to upgrade should disable GH Status Notifications, Filter their logs for Echo log data and use read-only tokens that are limited in scope.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39059 ‼
📖 Read
via "National Vulnerability Database".
An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34725 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via a telnet connection.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40826 ‼
📖 Read
via "National Vulnerability Database".
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40827 ‼
📖 Read
via "National Vulnerability Database".
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40781 ‼
📖 Read
via "National Vulnerability Database".
Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remote attacker to cause a denial of service via a crafted .swf file to the makeswf function.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4569 ‼
📖 Read
via "National Vulnerability Database".
A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause a double-deactivations of catchall elements, which results in a memory leak.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39650 ‼
📖 Read
via "National Vulnerability Database".
Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40857 ‼
📖 Read
via "National Vulnerability Database".
Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbtirary code via the yr_execute_cod function in the exe.c component.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34724 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via the UART interface.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40828 ‼
📖 Read
via "National Vulnerability Database".
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.📖 Read
via "National Vulnerability Database".