βΌ CVE-2023-30995 βΌ
π Read
via "National Vulnerability Database".
IBM Aspera Faspex 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41318 βΌ
π Read
via "National Vulnerability Database".
matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. In affected versions an attacker could upload a malicious piece of media to the media repo, which would then be served with `Content-Disposition: inline` upon download. This vulnerability could be leveraged to execute scripts embedded in SVG content. Commits `77ec235` and `bf8abdd` fix the issue and are included in the 1.3.0 release. Operators should upgrade to v1.3.0 as soon as possible. Operators unable to upgrade should override the `Content-Disposition` header returned by matrix-media-repo as a workaround.π Read
via "National Vulnerability Database".
π1
π΄ 3 Ways to Expand the Cyber Talent Pool From Splash Pad to Watering Hole π΄
π Read
via "Dark Reading".
Why β and how β "unqualified" candidates will fill the reservoir with the security workers America is thirsty for.π Read
via "Dark Reading".
Dark Reading
3 Ways to Expand the Cyber Talent Pool From Splash Pad to Watering Hole
Why β and how β "unqualified" candidates will fill the reservoir with the security workers America is thirsty for.
π¦Ώ Microsoft, Apple versus China, spyware actors π¦Ώ
π Read
via "Tech Republic".
Itβs a cat-and-mouse struggle as tech giants Microsoft and Apple deal with persistent threats from China state actors and Pegasus spyware.π Read
via "Tech Republic".
TechRepublic
Microsoft Confronts China-based Storm-0558, Apple Issues Patches for Pegasus Spyware
Itβs a cat-and-mouse struggle as tech giants Microsoft and Apple deal with persistent threats from China state actors and Pegasus spyware.
β€2
βΌ CVE-2023-4846 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been rated as critical. This issue affects some unknown processing of the file delete_member.php. The manipulation of the argument mem_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239255.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-4845 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file account_edit_query.php. The manipulation of the argument admin_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239254 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4847 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in SourceCodester Simple Book Catalog App 1.0. Affected is an unknown function of the component Update Book Form. The manipulation of the argument book_title/book_author leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239256.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-4851 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=dashboard/position/edit&op=member. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239260.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4850 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in IBOS OA 4.5.5. This affects an unknown part of the file ?r=dashboard/position/del. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239259.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4852 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=dashboard/database/optimize. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239261 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4864 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in SourceCodester Take-Note App 1.0. This affects an unknown part of the file index.php. The manipulation of the argument noteContent with the input <script>alert('xss')</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239349 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4865 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Take-Note App 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239350 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41915 βΌ
π Read
via "National Vulnerability Database".
OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4878 βΌ
π Read
via "National Vulnerability Database".
Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1-git.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4879 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1.-git.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42467 βΌ
π Read
via "National Vulnerability Database".
QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.π Read
via "National Vulnerability Database".
π¦Ώ Protect Your Data With the MonoDefense Security Suite for $149.99 π¦Ώ
π Read
via "Tech Republic".
Get VPN, Firewall and SmartDNS protection in one package! Combining five top-rated security apps, the MonoDefense Security Suite offers complete protection β and lifetime subscriptions are now 62% off.π Read
via "Tech Republic".
TechRepublic
Protect Your Data With the MonoDefense Security Suite for $130
Get VPN, Firewall, and SmartDNS protection in one package with MonoDefense Security Suite.
βΌ CVE-2023-4577 βΌ
π Read
via "National Vulnerability Database".
When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4104 βΌ
π Read
via "National Vulnerability Database".
An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups.*This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN client for Linux < v2.16.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4576 βΌ
π Read
via "National Vulnerability Database".
On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape.*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4575 βΌ
π Read
via "National Vulnerability Database".
When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.π Read
via "National Vulnerability Database".