CVE-2023-36551 (via National Vulnerability Database)
An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM versions 6.7.0 through 6.7.5 allows an attacker to cause information disclosure via a crafted HTTP request.
CVE-2023-27998 (via National Vulnerability Database)
A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTP(s) paths.
CVE-2023-40715 (via National Vulnerability Database)
A cleartext storage of sensitive information vulnerability [CWE-312] in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device.
CVE-2023-40717 (via National Vulnerability Database)
A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands.
CVE-2023-34984 (via National Vulnerability Database)
A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests.
CVE-2023-36638 (via National Vulnerability Database)
An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions API may allow a remote and authenticated API admin user to access some system settings such as the mail server settings through the API via a stolen GUI session ID.
CVE-2023-25608 (via National Vulnerability Database)
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions, 6.0 all versions; FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to read arbitrary files via specially crafted command arguments.
CVE-2023-29183 (via National Vulnerability Database)
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting.
CVE-2021-44172 (via National Vulnerability Database)
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the EMS installation path.
CVE-2023-36634 (via National Vulnerability Database)
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directories via specially crafted command arguments.
CVE-2023-36642 (via National Vulnerability Database)
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
CVE-2022-35849 (via National Vulnerability Database)
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiADC 7.1.0 through 7.1.1, 7.0.0 through 7.0.3, 6.2.0 through 6.2.5 and 6.1.0 all versions may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
IBM, Salesforce and More Pledge to White House List of Eight AI Safety Assurances (via Tech Republic)
Assurances include watermarking, reporting about capabilities and risks, investing in safeguards to prevent bias and more.
Zeek 6.0.1 (via Packet Storm Security)
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.
CVE-2023-3935 (via National Vulnerability Database)
A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access to the host system.
CVE-2023-4701 (via National Vulnerability Database)
An improper privilege management vulnerability through an incorrect use of privileged APIs in CodeMeter Runtime versions prior to 7.60c allows a local, low-privileged attacker to use an API call for escalation of privileges in order to gain full admin access on the host system.
CVE-2023-38214 (via National Vulnerability Database)
Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2023-39915 (via National Vulnerability Database)
NLnet Labs' Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914.
CVE-2023-39916 (via National Vulnerability Database)
NLnet Labs' Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these stored responses is constructed from the URL of the request. Due to insufficient sanitation of the URL, it is possible for an attacker to craft a URL that results in the response being stored outside of the directory specified for it.
CVE-2023-38215 (via National Vulnerability Database)
Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2023-39914 (via National Vulnerability Database)
NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.