βΌ CVE-2023-4572 βΌ
π Read
via "National Vulnerability Database".
Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)π Read
via "National Vulnerability Database".
βΌ CVE-2023-39267 βΌ
π Read
via "National Vulnerability Database".
An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39678 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the device web interface (Log Query page) of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4346 βΌ
π Read
via "National Vulnerability Database".
KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to being locked and users being unable to reset them to gain access to the device. The BCU key feature on the devices can be used to create a password for the device, but this password can often not be reset without entering the current password. If the device is configured to interface with a network, an attacker with access to that network could interface with the KNX installation, purge all devices without additional security options enabled, and set a BCU key, locking the device. Even if a device is not connected to a network, an attacker with physical access to the device could also exploit this vulnerability in the same way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39268 βΌ
π Read
via "National Vulnerability Database".
A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3253 βΌ
π Read
via "National Vulnerability Database".
An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39266 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39663 βΌ
π Read
via "National Vulnerability Database".
Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3262 βΌ
π Read
via "National Vulnerability Database".
TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queries.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32241 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPDeveloper Essential Addons for Elementor Pro plugin <=Γ 5.4.8 versions.π Read
via "National Vulnerability Database".
π΄ SPHERE Appoints Former Johnson & Johnson CISO Marene Allison to Board of Directors π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
SPHERE Appoints Former Johnson & Johnson CISO Marene Allison to Board of Directors
NEWARK, N.J., Aug. 29, 2023 /PRNewswire/ -- SPHERE, an award-winning provider of innovative solutions for identity hygiene and access governance, announced the appointment of former Johnson & Johnson CISO Marene Allison to SPHERE's Board of Directors.
π΄ Everest Group Research: C-Suite Must Recognize Critical Difference Between Cybersecurity and Cyber Resilience π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Everest Group Research: C-Suite Must Recognize Critical Difference Between Cybersecurity and Cyber Resilience
DALLAS, Aug. 29, 2023 /PRNewswire-PRWeb/ -- Everest Group is calling on enterprises to make the critical shift in focus from cybersecurity to cyber resilience. While cybersecurity focuses on safeguarding against threats, cyber resilience emphasizes the abilityβ¦
π΄ 6 Ways AI Can Revolutionize Digital Forensics π΄
π Read
via "Dark Reading".
Artificial intelligence tools can automate the analysis of logs, video, and other important but tedious aspects of investigations.π Read
via "Dark Reading".
Dark Reading
6 Ways AI Can Revolutionize Digital Forensics
Artificial intelligence tools can automate the analysis of logs, video, and other important but tedious aspects of investigations.
βΌ CVE-2023-39559 βΌ
π Read
via "National Vulnerability Database".
AudimexEE 15.0 was discovered to contain a full path disclosure vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41265 βΌ
π Read
via "National Vulnerability Database".
An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. This allows them to send requests that get executed by the backend server hosting the repository application. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4611 βΌ
π Read
via "National Vulnerability Database".
A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information leak.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4296 βΌ
π Read
via "National Vulnerability Database".
?If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device.π Read
via "National Vulnerability Database".
βΌ CVE-2020-18912 βΌ
π Read
via "National Vulnerability Database".
An issue found in Earcms Ear App v.20181124 allows a remote attacker to execute arbitrary code via the uload/index-uplog.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39558 βΌ
π Read
via "National Vulnerability Database".
AudimexEE v15.0 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the Show Kai Data component.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41153 βΌ
π Read
via "National Vulnerability Database".
A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while editing the host options.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41266 βΌ
π Read
via "National Vulnerability Database".
A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.π Read
via "National Vulnerability Database".