‼ CVE-2023-38152 ‼
DHCP Server Service Information Disclosure Vulnerability
via "National Vulnerability Database".
‼ CVE-2023-38148 ‼
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
via "National Vulnerability Database".
‼ CVE-2023-36805 ‼
Windows MSHTML Platform Security Feature Bypass Vulnerability
via "National Vulnerability Database".
‼ CVE-2023-38146 ‼
Windows Themes Remote Code Execution Vulnerability
via "National Vulnerability Database".
‼ CVE-2023-38162 ‼
DHCP Server Service Denial of Service Vulnerability
via "National Vulnerability Database".
‼ CVE-2023-36744 ‼
Microsoft Exchange Server Remote Code Execution Vulnerability
via "National Vulnerability Database".
🕴 IBM Adds Data Security Broker to Encrypt Data in Multiclouds 🕴
The new IBM Cloud Security Compliance Center includes a data security broker from Baffle that offers enterprises field- and file-level encryption of sensitive data.
via "Dark Reading".
🕴 Israeli Hospital Hit By Ransomware Attack, 1TB Data Stolen 🕴
Vital medical equipment was unaffected, but attackers stole and leaked lots of personal data.
via "Dark Reading".
🕴 Critical Google Chrome Zero-Day Bug Exploited in the Wild 🕴
The security vulnerability could lead to arbitrary code execution by way of application crashing.
via "Dark Reading".
‼ CVE-2023-21522 ‼
A Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of BlackBerry AtHoc version 7.15 could allow an attacker to control a script that is executed in the victim's browser, after which they can execute script commands in the context of the affected user account.
via "National Vulnerability Database".
‼ CVE-2023-21521 ‼
An SQL Injection vulnerability in the Management Console (Operator Audit Trail) of BlackBerry AtHoc version 7.15 could allow an attacker to read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database, recover the content of a given file present on the DBMS file system and, in some cases, issue commands to the operating system.
via "National Vulnerability Database".
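As an added illustration of the bug class behind the entry above (a constructed example, not BlackBerry AtHoc code; the table names, the search function and the payload are invented for the demonstration): an audit-trail search built by string concatenation lets a UNION payload read a credentials table, while the bound-parameter form treats the same input as a plain operator name and returns nothing.

```python
"""Vulnerable vs. parameterized query for an 'operator audit trail' filter.

Constructed example for CVE-2023-21521's bug class; the schema, data and
payload are invented here and say nothing about AtHoc's real code.
"""
import sqlite3

# Constructed payload: closes the quoted string, appends a UNION that pulls
# rows from another table with the same column count, and comments out the
# trailing quote the application adds.
PAYLOAD = "x' UNION SELECT username, password_hash, '' FROM operators -- "


def setup_db():
    """In-memory database with an audit trail and a credentials table (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE audit_trail(operator TEXT, action TEXT, detail TEXT);
        CREATE TABLE operators(username TEXT, password_hash TEXT);
        INSERT INTO audit_trail VALUES ('admin', 'login', 'ok'),
                                       ('jdoe', 'send-alert', 'fire drill');
        INSERT INTO operators VALUES ('admin', '$2b$12$constructedhash'),
                                     ('jdoe', '$2b$12$anotherhash');
    """)
    return db


def search_audit_unsafe(db, operator):
    """Filter by operator via string concatenation: the value becomes SQL text."""
    sql = ("SELECT operator, action, detail FROM audit_trail "
           "WHERE operator = '" + operator + "'")
    return db.execute(sql).fetchall()


def search_audit_safe(db, operator):
    """Same filter with a bound parameter: the value is data, never parsed as SQL."""
    return db.execute(
        "SELECT operator, action, detail FROM audit_trail WHERE operator = ?",
        (operator,),
    ).fetchall()


if __name__ == "__main__":
    db = setup_db()
    print("unsafe, normal input :", search_audit_unsafe(db, "jdoe"))
    print("unsafe, payload      :", search_audit_unsafe(db, PAYLOAD))
    print("safe, payload        :", search_audit_safe(db, PAYLOAD))
```

The further impacts the advisory lists (file reads, operating-system commands) come from privileged DBMS procedures reachable once injection exists, not from the application code, so the fix is the same in every case: bind every user-controlled value and run the application's database account with the minimum rights it needs.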
‼ CVE-2023-30962 ‼
The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. This vulnerability is resolved in Cerberus 100.230704.0-27-g031dd58.
via "National Vulnerability Database".
‼ CVE-2023-4501 ‼
User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user.
Mitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon.
Administrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and an incorrect password.
via "National Vulnerability Database".
🕴 China's Winnti APT Compromises National Grid in Asia for 6 Months 🕴
Attacks against critical infrastructure are becoming more commonplace and, if a recent PRC-sponsored attack is anything to go by, easier to pull off.
via "Dark Reading".
‼ CVE-2023-21523 ‼
A Stored Cross-site Scripting (XSS) vulnerability in the Management Console (User Management and Alerts) of BlackBerry AtHoc version 7.15 could allow an attacker to execute script commands in the context of the affected user account.
via "National Vulnerability Database".
‼ CVE-2023-4918 ‼
A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers through the registration flow, the "password" and "password-confirm" fields from the form are stored as regular user attributes. All users and clients with the appropriate rights and roles are able to read user attributes, allowing a malicious user with minimal access to retrieve those users' passwords in clear text, jeopardizing the environment.
via "National Vulnerability Database".
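As an added check for the entry above, not part of the advisory and not Keycloak project code: the script below scans user representations of the shape the Admin REST API returns for the two attribute names the advisory names, and builds a scrubbed representation for each affected user. The endpoint path and query parameters in fetch_users are assumptions about the Keycloak Admin REST API; the sample users are constructed so the audit runs offline.

```python
"""Audit Keycloak user attributes for clear-text registration passwords (CVE-2023-4918).

Added example, not Keycloak's own code. Assumptions: the Admin REST API path
GET /admin/realms/{realm}/users?briefRepresentation=false returns a list of
user objects whose "attributes" field maps attribute name -> list of values.
"""
import json
import os
import urllib.request

# Attribute names the advisory says the registration form leaves behind.
LEAK_KEYS = ("password", "password-confirm")


def find_password_attributes(users, leak_keys=LEAK_KEYS):
    """Return [(username, attribute_name)] for every user carrying a non-empty leak key.

    Attribute names are admin-controlled strings, so the match is case-insensitive;
    an attribute present but holding only empty strings is not reported.
    """
    hits = []
    for user in users:
        attrs = user.get("attributes") or {}
        for name, values in attrs.items():
            if name.lower() in leak_keys and any(v for v in values):
                hits.append((user.get("username", "?"), name))
    return hits


def scrub_user(user, leak_keys=LEAK_KEYS):
    """Return a copy of the representation with the leaked attributes removed.

    Usable as the body of PUT /admin/realms/{realm}/users/{id} (assumed endpoint).
    The account's real credential lives in Keycloak's credential store, not in
    attributes, so dropping these keys does not affect the user's ability to log in.
    """
    cleaned = dict(user)
    cleaned["attributes"] = {
        k: v for k, v in (user.get("attributes") or {}).items()
        if k.lower() not in leak_keys
    }
    return cleaned


def fetch_users(base_url, realm, bearer_token, page_size=1000):
    """Pull full user representations from a live Admin REST API (not used offline)."""
    url = (f"{base_url}/admin/realms/{realm}/users"
           f"?briefRepresentation=false&max={page_size}")
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {bearer_token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


# Constructed sample of what a vulnerable realm's user list can look like.
SAMPLE_USERS = [
    {"id": "1", "username": "alice",
     "attributes": {"password": ["hunter2"], "password-confirm": ["hunter2"],
                    "dept": ["ops"]}},
    {"id": "2", "username": "bob", "attributes": {"dept": ["dev"]}},
    {"id": "3", "username": "carol", "attributes": {"Password": [""]}},  # empty: not a leak
    {"id": "4", "username": "dave"},  # no attributes field at all
]

if __name__ == "__main__":
    users = SAMPLE_USERS
    if os.environ.get("KC_URL"):  # point at a real realm with KC_URL, KC_REALM, KC_TOKEN
        users = fetch_users(os.environ["KC_URL"], os.environ.get("KC_REALM", "master"),
                            os.environ["KC_TOKEN"])
    for username, attr in find_password_attributes(users):
        print(f"LEAK {username}: attribute {attr!r} holds a clear-text password")
```

Scrubbing the attributes removes the stored copies but not the exposure that already happened; any password found this way should be treated as compromised and reset.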
‼ CVE-2023-4903 ‼
Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
via "National Vulnerability Database".
‼ CVE-2023-4907 ‼
Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)
via "National Vulnerability Database".
‼ CVE-2023-4921 ‼
A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers a use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and the lack of error checking in agg_dequeue(). We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.
via "National Vulnerability Database".
‼ CVE-2023-41331 ‼
SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload, an attacker can achieve JNDI injection or system command execution. In the default configuration of the SOFARPC framework, a blacklist is used to filter out dangerous classes encountered during the deserialization process. However, the blacklist is not comprehensive, and an actor can exploit certain native JDK classes and common third-party packages to construct gadget chains capable of achieving JNDI injection or system command execution attacks. Version 5.11.0 contains a fix for this issue. As a workaround, users can add `-Drpc_serialize_blacklist_override=javax.sound.sampled.AudioFileFormat` to the blacklist.
via "National Vulnerability Database".
‼ CVE-2023-4904 ‼
Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium)
via "National Vulnerability Database".