CVE-2023-41064
via "National Vulnerability Database".
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5.2, iOS 16.6.1 and iPadOS 16.6.1. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVE-2023-41061
via "National Vulnerability Database".
A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVE-2023-4528
via "National Vulnerability Database".
Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface.
CVE-2023-4685
via "National Vulnerability Database".
Delta Electronics' CNCSoft-B version 1.0.0.4 and DOPSoft versions 4.0.0.82 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code.
CVE-2023-37798
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter.
Apple Hit By 2 No-Click Zero-Days in Blastpass Exploit Chain
via "Dark Reading".
Researchers at Citizen Lab recommend immediately updating any iPhones and iPads to the latest OSes.
North Korean Hackers Target Security Researchers - Again
via "Dark Reading".
This time, they're creating elaborate impostor profiles and using a fresh zero-day and a fake Windows tool to lure in the unsuspecting.
CVE-2023-20193
via "National Vulnerability Database".
A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to improper privilege management in the ESR console. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to elevate their privileges to root and read, write, or delete arbitrary files from the underlying operating system of the affected device. Note: The ESR is not enabled by default and must be licensed. To verify the status of the ESR in the Admin GUI, choose Administration > Settings > Protocols > IPSec.
CVE-2023-41316
via "National Vulnerability Database".
Tolgee is an open-source localization platform. Due to a lack of validation of the Org Name field, a bad actor can send emails with injected HTML code to victims. Registered users can inject HTML into unsanitized emails sent from the Tolgee instance to other users. This unsanitized HTML ends up in invitation emails, which appear to be legitimate organization invitations. Bad actors may direct users to a malicious website or execute JavaScript in the context of the user's browser. This vulnerability has been addressed in version 3.29.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-20194
via "National Vulnerability Database".
A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to improper privilege management in the ERS API. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to elevate their privileges beyond the sphere of their intended access level, which would allow them to obtain sensitive information from the underlying operating system. Note: The ERS is not enabled by default. To verify the status of the ERS API in the Admin GUI, choose Administration > Settings > API Settings > API Service Settings.
Microsoft IDs Security Gaps That Let Threat Actors Steal Signing Key
via "Dark Reading".
China's Storm-0558 accessed user emails at some 25 enterprise organizations earlier this year using forged tokens.
CVE-2023-41646
via "National Vulnerability Database".
Buttercup v2.20.3 allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/
CVE-2023-41161
via "National Vulnerability Database".
Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the key comment to different pages such as public key details, Export key, sign key, send to key server page, and fetch from key server page tab.
CVE-2023-40029
via "National Vulnerability Database".
Argo CD is a declarative continuous deployment tool for Kubernetes. Argo CD cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in the `kubectl.kubernetes.io/last-applied-configuration` annotation. Pull request #7139 introduced the ability to manage cluster labels and annotations. Since clusters are stored as secrets, it also exposes the `kubectl.kubernetes.io/last-applied-configuration` annotation, which includes the full secret body. In order to view the cluster annotations via the Argo CD API, the user must have `clusters, get` RBAC access. **Note:** In many cases, cluster secrets do not contain any actually-secret information. But sometimes, as in bearer-token auth, the contents might be very sensitive. The bug has been patched in versions 2.8.3, 2.7.14, and 2.6.15. Users are advised to upgrade. Users unable to upgrade should update/deploy cluster secrets with the `server-side-apply` flag, which does not use or rely on the `kubectl.kubernetes.io/last-applied-configuration` annotation. Note: the annotation on existing secrets will require manual removal.
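Worked example, added here and not Argo CD's own code: it models how client-side `kubectl apply` leaves the whole submitted Secret, plaintext `stringData` included, inside the `kubectl.kubernetes.io/last-applied-configuration` annotation, shows what an Argo CD user with `clusters, get` could therefore recover, and performs the manual annotation removal the advisory mentions for existing secrets. The cluster secret, its server address and its bearer token are constructed placeholders; the `argocd.argoproj.io/secret-type: cluster` label is the one Argo CD uses to mark cluster secrets. Server-side apply (`kubectl apply --server-side`) tracks ownership in `managedFields` and never writes this annotation, which is why the advisory recommends it, but it does not remove an annotation that an earlier client-side apply already left behind.

```python
import base64
import copy
import json

LAST_APPLIED = "kubectl.kubernetes.io/last-applied-configuration"
CLUSTER_LABEL = "argocd.argoproj.io/secret-type"

# Constructed example of an Argo CD cluster secret as a user would submit it.
# The server address and bearer token are placeholders, not real credentials.
APPLIED_MANIFEST = {
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {
        "name": "prod-cluster",
        "namespace": "argocd",
        "labels": {CLUSTER_LABEL: "cluster"},
    },
    "type": "Opaque",
    "stringData": {
        "name": "prod",
        "server": "https://10.0.0.1:6443",
        "config": json.dumps({"bearerToken": "EXAMPLE-TOKEN",
                              "tlsClientConfig": {"insecure": False}}),
    },
}


def as_applied_by_kubectl(manifest):
    """Model the live object after client-side `kubectl apply`: stringData is
    folded into base64 `data`, and the full submitted manifest (plaintext
    stringData included) is copied into the last-applied annotation."""
    live = copy.deepcopy(manifest)
    live["data"] = {k: base64.b64encode(v.encode()).decode()
                    for k, v in live.pop("stringData").items()}
    live["metadata"].setdefault("annotations", {})[LAST_APPLIED] = \
        json.dumps(manifest, separators=(",", ":"))
    return live


def leaked_fields(secret):
    """Every data key recoverable from the annotation, decoded to plaintext.
    This is exactly what a `clusters, get` user could read through the API."""
    annotation = secret.get("metadata", {}).get("annotations", {}).get(LAST_APPLIED)
    if not annotation:
        return {}
    applied = json.loads(annotation)
    leaked = dict(applied.get("stringData", {}))
    for k, v in applied.get("data", {}).items():
        leaked[k] = base64.b64decode(v).decode(errors="replace")
    return leaked


def exposed_bearer_token(secret):
    """The bearer token the annotation leaks, or None if nothing is exposed."""
    cfg = leaked_fields(secret).get("config")
    return None if cfg is None else json.loads(cfg).get("bearerToken")


def audit(secrets):
    """Names of Argo CD cluster secrets whose annotation exposes the config blob."""
    return [s["metadata"]["name"] for s in secrets
            if s.get("metadata", {}).get("labels", {}).get(CLUSTER_LABEL) == "cluster"
            and "config" in leaked_fields(s)]


def strip_last_applied(secret):
    """Copy of the secret without the annotation: the manual removal step.
    Equivalent on a live cluster to
    `kubectl -n argocd annotate secret <name> kubectl.kubernetes.io/last-applied-configuration-`."""
    cleaned = copy.deepcopy(secret)
    cleaned.get("metadata", {}).get("annotations", {}).pop(LAST_APPLIED, None)
    return cleaned


if __name__ == "__main__":
    live = as_applied_by_kubectl(APPLIED_MANIFEST)
    print("leaking cluster secrets:", audit([live]))
    print("token exposed:", exposed_bearer_token(live))
    print("after cleanup:", audit([strip_last_applied(live)]))
```

The `audit` function is the check to run over the output of `kubectl -n argocd get secret -l argocd.argoproj.io/secret-type=cluster -o json` after upgrading, since the patch stops the API from returning the annotation but does not delete it from secrets that were applied earlier.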
CVE-2023-30908
via "National Vulnerability Database".
Potential security vulnerabilities have been identified in Hewlett Packard Enterprise OneView Software. These vulnerabilities could be remotely exploited to allow authentication bypass, disclosure of sensitive information, and denial of service.
CVE-2023-40584
via "National Vulnerability Database".
Argo CD is a declarative continuous deployment tool for Kubernetes. All versions of Argo CD starting from v2.4 have a bug where the Argo CD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file without validating the size of its inner files. As a result, a malicious, low-privileged user can send a malicious tar.gz file that exploits this vulnerability to the repo-server, thereby harming the system's functionality and availability. Additionally, the repo-server is susceptible to another vulnerability due to the fact that it does not check the extracted file permissions before attempting to delete them. Consequently, an attacker can craft a malicious tar.gz archive in a way that prevents the deletion of its inner files when the manifest generation process is completed. A patch for this vulnerability has been released in versions 2.6.15, 2.7.14, and 2.8.3. Users are advised to upgrade. The only way to completely resolve the issue is to upgrade; however, users unable to upgrade should configure RBAC (Role-Based Access Control) and provide access for configuring applications only to a limited number of administrators. These administrators should utilize trusted and verified Helm charts.
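Worked example, added here and not the Argo CD repo-server's code: an extractor that checks the declared size of every tar entry and the running total before any bytes are written, refuses non-regular entries and paths that escape the destination, ignores the archive's mode bits so that nothing in the tree is created read-only, plus a cleanup routine that restores owner permissions on the way down before deleting. That cleanup is what defeats the second vector above, an archive laid out so its files cannot be removed once manifest generation finishes. The limits, file names and archive contents are constructed for the example.

```python
import io
import os
import shutil
import stat
import tarfile
import tempfile

# Assumed limits for this example; a real extractor would make them configurable.
MAX_ENTRY_BYTES = 1 * 1024 * 1024   # cap on a single file as declared in its tar header
MAX_TOTAL_BYTES = 4 * 1024 * 1024   # cap on the whole extracted tree
MAX_ENTRIES = 1000                  # cap on header count (a million empty files is also a DoS)


class UnsafeArchive(Exception):
    """Raised when an archive violates a size, count, type or path constraint."""


def build_tgz(entries):
    """Build a tar.gz in memory from (name, payload) pairs. Constructed test input only."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, payload in entries:
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def extract_limited(tgz_bytes, dest):
    """Extract regular files only. Every entry's declared size and the running
    total are checked before anything is written, so an oversized entry never
    reaches disk. Archive mode bits are deliberately not applied: files get the
    process umask, so the archive cannot make the tree undeletable.
    Returns the number of payload bytes written."""
    dest = os.path.realpath(dest)
    total = 0
    with tarfile.open(fileobj=io.BytesIO(tgz_bytes), mode="r:gz") as tar:
        for count, member in enumerate(tar, start=1):
            if count > MAX_ENTRIES:
                raise UnsafeArchive("too many entries")
            if not member.isfile():
                raise UnsafeArchive(f"unsupported entry type: {member.name}")
            if member.size > MAX_ENTRY_BYTES:
                raise UnsafeArchive(f"{member.name} declares {member.size} bytes")
            total += member.size
            if total > MAX_TOTAL_BYTES:
                raise UnsafeArchive("archive exceeds total size budget")
            target = os.path.realpath(os.path.join(dest, member.name))
            if os.path.commonpath([dest, target]) != dest:
                raise UnsafeArchive(f"path escapes destination: {member.name}")
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with tar.extractfile(member) as src, open(target, "wb") as out:
                shutil.copyfileobj(src, out)
    return total


def force_rmtree(path):
    """Delete an extracted tree even if a directory inside it lost owner write or
    execute permission (the POSIX condition that blocks unlinking its children):
    restore owner rwx on each directory before descending, then remove everything."""
    os.chmod(path, stat.S_IRWXU)
    for root, dirs, _files in os.walk(path):
        for d in dirs:
            sub = os.path.join(root, d)
            if not os.path.islink(sub):
                os.chmod(sub, stat.S_IRWXU)
    shutil.rmtree(path)


def is_safe(tgz_bytes):
    """True if the archive passes every check when extracted into a scratch directory."""
    with tempfile.TemporaryDirectory() as scratch:
        try:
            extract_limited(tgz_bytes, scratch)
            return True
        except UnsafeArchive:
            return False


def demo():
    """Run a size bomb and a benign chart through the extractor; report what happened."""
    bomb = build_tgz([("chart/values.yaml", b"x" * (MAX_ENTRY_BYTES + 1))])
    benign = build_tgz([("chart/Chart.yaml", b"apiVersion: v2\nname: demo\n"),
                        ("chart/templates/deploy.yaml", b"kind: Deployment\n")])
    result = {}
    with tempfile.TemporaryDirectory() as work:
        try:
            extract_limited(bomb, work)
            result["bomb_rejected"] = False
        except UnsafeArchive:
            result["bomb_rejected"] = True
        result["bomb_wrote_files"] = bool(os.listdir(work))
        out = os.path.join(work, "out")
        os.mkdir(out)
        result["benign_bytes"] = extract_limited(benign, out)
        # Simulate the second vector: a directory left without write permission
        # would stop a plain rmtree (for a non-root repo-server user).
        os.chmod(os.path.join(out, "chart", "templates"), stat.S_IRUSR | stat.S_IXUSR)
        force_rmtree(out)
        result["cleaned"] = not os.path.exists(out)
    return result


if __name__ == "__main__":
    print(demo())
```

The size check is on the tar header, not on the compressed stream, so a gzip bomb is refused before its decompressed bytes are written; it still costs CPU to skip past the entry, which is why the entry-count cap and a request timeout belong alongside the byte caps.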
Software Supply Chain Strategies to Parry Dependency Confusion Attacks
via "Dark Reading".
Bad actors practice to deceive package managers with a tangled web of methods. Here's how to hoist them by their own petard.
CVE-2023-40353
via "National Vulnerability Database".
An issue was discovered in Exynos Mobile Processor 980 and 2100. An integer overflow at a buffer index can prevent the execution of requested services via a crafted application.
CVE-2023-41594
via "National Vulnerability Database".
Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters.
CVE-2023-40271
via "National Vulnerability Database".
In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software interface is selected, and the Authenticated Encryption with Associated Data ChaCha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) implemented with a dedicated function (i.e., not relying on usage of multipart functions), the buffer comparison during the verification of the authentication tag does not happen on the full 16 bytes but just on the first 4 bytes, thus leading to the possibility that unauthenticated payloads might be identified as authentic. This affects TF-Mv1.6.0, TF-Mv1.6.1, TF-Mv1.7.0, and TF-Mv1.8.0.
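Worked example, added here and not Trusted Firmware-M or CryptoCell code: a pure-Python Poly1305 checked against the RFC 8439 section 2.5.2 test vector, a comparison that mirrors the defect above by checking only 4 of the 16 tag bytes, and the correct full-length constant-time check. ChaCha20 is left out because the flaw is in the tag comparison, not in the cipher. The forged tag is constructed to agree with the real tag on its first four bytes only, which is what an online guessing attack of about 2^32 attempts against the truncated check would eventually produce, versus 2^128 against the full check.

```python
import hmac

TAG_LEN = 16  # Poly1305 tags are always 16 bytes

# RFC 8439 section 2.5.2 test vector (public test data, not secret material).
RFC8439_KEY = bytes.fromhex(
    "85d6be7857556d337f4452fe42d506a8" "0103808afb0db2fd4abff6af4149f51b")
RFC8439_MSG = b"Cryptographic Forum Research Group"
RFC8439_TAG = bytes.fromhex("a8061dc1305136c6c22b8baf0c0127a9")


def poly1305_mac(key: bytes, msg: bytes) -> bytes:
    """Poly1305 one-time authenticator as specified in RFC 8439 section 2.5.
    `key` is the 32-byte one-time key r || s. Reference code, not for production."""
    if len(key) != 32:
        raise ValueError("Poly1305 needs a 32-byte one-time key")
    p = (1 << 130) - 5
    # Clamp r as the RFC requires; s is used as-is.
    r = int.from_bytes(key[:16], "little") & 0x0FFFFFFC0FFFFFFC0FFFFFFC0FFFFFFF
    s = int.from_bytes(key[16:], "little")
    acc = 0
    for i in range(0, len(msg), 16):
        # Each block, including a short final one, gets a 0x01 byte appended.
        n = int.from_bytes(msg[i:i + 16] + b"\x01", "little")
        acc = ((acc + n) * r) % p
    # Add s and keep the low 128 bits, serialised little-endian.
    return ((acc + s) & ((1 << 128) - 1)).to_bytes(TAG_LEN, "little")


def verify_tag_truncated(expected: bytes, received: bytes) -> bool:
    """Models the defect: only the first 4 of the 16 tag bytes are compared."""
    return received[:4] == expected[:4]


def verify_tag(expected: bytes, received: bytes) -> bool:
    """Correct check: exact length, then a constant-time comparison of all 16 bytes."""
    return len(received) == TAG_LEN and hmac.compare_digest(expected, received)


def forged_tag(real_tag: bytes) -> bytes:
    """A tag matching the real one only in its first 4 bytes; the rest is garbage."""
    return real_tag[:4] + bytes(TAG_LEN - 4)


def demo() -> dict:
    tag = poly1305_mac(RFC8439_KEY, RFC8439_MSG)
    bad = forged_tag(tag)
    return {
        "vector_ok": tag == RFC8439_TAG,
        "truncated_accepts_forgery": verify_tag_truncated(tag, bad),
        "full_rejects_forgery": not verify_tag(tag, bad),
    }


if __name__ == "__main__":
    print(demo())
```

When reviewing firmware that implements AEAD decryption by hand, the check to make is that the tag comparison length is the algorithm's tag size (16 here) and not something derived from a pointer or a default buffer size, and that the comparison is constant-time and the plaintext is only released after it succeeds.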
CVE-2023-40953
via "National Vulnerability Database".
icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF).