CVE-2023-4480
via "National Vulnerability Database".
Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write files to arbitrary locations, provided the files pass the application’s mime-type and file extension validation.
CVE-2023-40743
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose the application to DoS, SSRF and even attacks leading to RCE. As Axis 1 has been EOL, we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. As a workaround, you may review your code to verify that no untrusted or unsanitized input is passed to "ServiceFactory.getService", or apply the patch from https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210. The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome.
How Companies Can Cope With the Risks of Generative AI Tools
via "Dark Reading".
To benefit from AI yet minimize risk, companies should be cautious about information they share, be aware of AI's limitations, and stay vigilant about business implications.
CVE-2023-35124
via "National Vulnerability Database".
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2023-41108
via "National Vulnerability Database".
TEF portal 2023-07-17 is vulnerable to authenticated remote code execution.
CVE-2023-32615
via "National Vulnerability Database".
A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2023-41107
via "National Vulnerability Database".
TEF portal 2023-07-17 is vulnerable to a persistent cross-site scripting (XSS) attack.
CVE-2023-34998
via "National Vulnerability Database".
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this vulnerability.
CVE-2023-36361
via "National Vulnerability Database".
Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter.
CVE-2023-32271
via "National Vulnerability Database".
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2023-34353
via "National Vulnerability Database".
An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. Specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.
CVE-2023-3374
via "National Vulnerability Database".
Incomplete List of Disallowed Inputs vulnerability in Bookreen allows Privilege Escalation. This issue affects Bookreen: before 3.0.0.
CVE-2023-41012
via "National Vulnerability Database".
An issue in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the authentication mechanism.
CVE-2023-4778
via "National Vulnerability Database".
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-3375
via "National Vulnerability Database".
Unrestricted Upload of File with Dangerous Type vulnerability in Bookreen allows OS Command Injection. This issue affects Bookreen: before 3.0.0.
CVE-2023-31242
via "National Vulnerability Database".
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2023-34994
via "National Vulnerability Database".
An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2023-34317
via "National Vulnerability Database".
An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability.
Russia Undertakes Disinformation Campaign Across Africa
via "Dark Reading".
Following coups in some African nations, Russia is exploiting the instability with the manipulation of media channels to stoke anti-French sentiment, among other things.
Hackers Target High-Privileged Okta Accounts via Help Desk
via "Dark Reading".
Threat actors convince employees to reset MFA for Super Admin accounts in the IAM service to leverage compromised accounts, impersonating users and moving laterally within an organization.
Data Initiatives Force Closer Partnership Between CISOs, CDOs
via "Dark Reading".
Though security leaders and chief data officers both care about data management, their different missions have created a tension that needs addressing.