‼ CVE-2023-4816 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and entering an arbitrary password in the holder action confirmation dialog box. Despite entering an arbitrary password in the confirmation box, the system will execute the selected holder action.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4582 ‼
📖 Read
via "National Vulnerability Database".
Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS. *This bug only affects Firefox on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2023-42471 ‼
📖 Read
via "National Vulnerability Database".
The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web content and doesn't adequately validate or sanitize the URI or any extra data passed in the intent by a third party application (with no permissions).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4574 ‼
📖 Read
via "National Vulnerability Database".
When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4584 ‼
📖 Read
via "National Vulnerability Database".
Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36161 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Qubo Smart Plug 10A version HSP02_01_01_14_SYSTEM-10A, allows attackers to cause a denial of service (DoS) via Wi-Fi deauthentication.📖 Read
via "National Vulnerability Database".
🕴 Overcoming the Rising Threat of Session Hijacking 🕴
📖 Read
via "Dark Reading".
Passkeys and multifactor authentication aren't enough for combating infostealer malware, which can exfiltrate corporate data before anyone knows an attack happened.📖 Read
via "Dark Reading".
Dark Reading
Overcoming the Rising Threat of Session Hijacking
Passkeys and multifactor authentication aren't enough for combating infostealer malware, which can exfiltrate corporate data before anyone knows an attack happened.
🕴 Navigating Rwanda's New Data Protection Law 🕴
📖 Read
via "Dark Reading".
As the law's October 2023 transition deadline approaches, it's critical for organizations doing business in Rwanda to understand its requirements and implications.📖 Read
via "Dark Reading".
Dark Reading
Navigating Rwanda's New Data Protection Law
As the law's October 2023 transition deadline approaches, it's critical for organizations doing business in Rwanda to understand its requirements and implications.
‼ CVE-2023-30058 ‼
📖 Read
via "National Vulnerability Database".
novel-plus 3.6.2 is vulnerable to SQL Injection.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4881 ‼
📖 Read
via "National Vulnerability Database".
A stack based out-of-bounds write flaw was found in the netfilter subsystem in the Linux kernel. If the expression length is a multiple of 4 (register size), the `nft_exthdr_eval` family of functions writes 4 NULL bytes past the end of the `regs` argument, leading to stack corruption and potential information disclosure or a denial of service.📖 Read
via "National Vulnerability Database".
🕴 Iranian APT Hits US Aviation Org via ManageEngine, Fortinet Bugs 🕴
📖 Read
via "Dark Reading".
Known security vulnerabilities in the enterprise products allowed unauthorized access through a public-facing application, US Cyber Command said.📖 Read
via "Dark Reading".
Dark Reading
Iranian APT Hits US Aviation Org via ManageEngine, Fortinet Bugs
Known security vulnerabilities in the enterprise products allowed unauthorized access through a public-facing application, US Cyber Command said.
🦿 OneTrust Data Governance Review (2023): Features & Pricing 🦿
📖 Read
via "Tech Republic".
This is a comprehensive OneTrust data governance review, covering features, pricing and more. Use this guide to find out if it is the best solution for you.📖 Read
via "Tech Republic".
TechRepublic
OneTrust Data Governance Review (2023): Features & Pricing
This is a comprehensive OneTrust data governance review, covering features, pricing and more. Use this guide to find out if it is the best solution for you.
🕴 Being Flexible Can Improve Your Security Posture 🕴
📖 Read
via "Dark Reading".
Changing your approach when you realize you could be more efficient pays dividends, especially in six areas of your cybersecurity program.📖 Read
via "Dark Reading".
Dark Reading
Being Flexible Can Improve Your Security Posture
Changing your approach when you realize you could be more efficient pays dividends, especially in six areas of your cybersecurity program.
‼ CVE-2020-19318 ‼
📖 Read
via "National Vulnerability Database".
Buffer Overflow vulnerability in D-Link DIR-605L, hardware version AX, firmware version 1.17beta and below, allows authorized attackers execute arbitrary code via sending crafted data to the webserver service program.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-31067 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\Clients\www.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-31068 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41593 ‼
📖 Read
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop Management System Using PHP and MySQL v1.1 allow attackers to execute arbitrary web scripts and HTML via a crafted payload injected into the Category and Category Field parameters.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41256 ‼
📖 Read
via "National Vulnerability Database".
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40032 ‼
📖 Read
via "National Vulnerability Database".
libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 (or later) when processing untrusted input.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-31069 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-19323 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in /bin/mini_upnpd on D-Link DIR-619L 2.06beta devices. There is a heap buffer overflow allowing remote attackers to restart router via the M-search request ST parameter. No authentication required📖 Read
via "National Vulnerability Database".