🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🕴 MGM, Caesars File SEC Disclosures on Cybersecurity Incidents 🕴

Pursuant to new regulation, both gaming companies reported recent cyber incidents to the SEC.

📖 Read

via "Dark Reading".
🕴 Cybercriminals Use Webex Brand to Target Corporate Users 🕴

The false advertisement has been left up for days, flying under the radar by managing to adhere to Google Ads' policies.

📖 Read

via "Dark Reading".
🕴 Zero-Click iPhone Exploit Drops Pegasus Spyware on Exiled Russian Journalist 🕴

The exploit is one of many that government and intelligence agencies have to infect target devices with the notorious surveillance tool.

📖 Read

via "Dark Reading".
CVE-2023-32611

A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.

📖 Read

via "National Vulnerability Database".
CVE-2023-4676

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yordam MedasPro allows Reflected XSS. This issue affects MedasPro: before 28.

📖 Read

via "National Vulnerability Database".
CVE-2023-32643

A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665.

📖 Read

via "National Vulnerability Database".
CVE-2023-32636

A flaw was found in GLib, where the GVariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of GLib but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-29499.

📖 Read

via "National Vulnerability Database".
CVE-2023-37755

i-doit pro 25 and below and i-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator privileges, resulting in them being able to perform arbitrary system operations or cause a Denial of Service (DoS).

📖 Read

via "National Vulnerability Database".
CVE-2023-38912

SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter.

📖 Read

via "National Vulnerability Database".
CVE-2023-37739

i-doit Pro v25 and below was discovered to be vulnerable to path traversal.

📖 Read

via "National Vulnerability Database".
CVE-2023-41156

A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the save to new folder named field while creating a new filter.

📖 Read

via "National Vulnerability Database".
CVE-2023-41160

A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key.

📖 Read

via "National Vulnerability Database".
CVE-2023-41588

A cross-site scripting (XSS) vulnerability in Time to SLA plugin v10.13.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the durationFormat parameter.

📖 Read

via "National Vulnerability Database".
CVE-2023-42362

An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file.

📖 Read

via "National Vulnerability Database".
CVE-2023-4563

** REJECT ** This was assigned as a duplicate of CVE-2023-4244.

📖 Read

via "National Vulnerability Database".
CVE-2023-25588

A flaw was found in Binutils. The field `the_bfd` of the `asymbol` struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.

📖 Read

via "National Vulnerability Database".
CVE-2023-25585

A flaw was found in Binutils. The use of an uninitialized field in `struct module *module` may lead to an application crash and local denial of service.

📖 Read

via "National Vulnerability Database".
CVE-2023-37756

i-doit pro 25 and below and i-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a bruteforce attack.

📖 Read

via "National Vulnerability Database".
CVE-2023-25584

An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.

📖 Read

via "National Vulnerability Database".
CVE-2023-29499

A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.

📖 Read

via "National Vulnerability Database".
CVE-2023-25586

A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.

📖 Read

via "National Vulnerability Database".
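Added example (not Binutils code and not part of the NVD entries): a small C program that models the bug class behind the three Binutils entries above, CVE-2023-25588, CVE-2023-25585 and CVE-2023-25586, where a struct is allocated, partly filled in, and a pointer field is read before anything ever wrote it. The `fake_bfd` and `fake_asymbol` structs, the `arena_alloc` allocator and the symbol names are assumptions made for illustration; the real BFD code paths differ. The toy allocator hands out a block still holding stale bytes so the behaviour is deterministic, which a real heap does not guarantee.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical stand-ins for BFD's bfd and asymbol structs (not binutils code). */
struct fake_bfd { const char *filename; };

struct fake_asymbol {
    struct fake_bfd *the_bfd;   /* owning object file, or NULL for a synthetic symbol */
    const char *name;
    long value;
};

/* Toy bump allocator that hands out a block still holding stale bytes, the way
 * a real heap can after free(). Like malloc(), it never clears memory. */
static _Alignas(16) unsigned char arena[4096];
static size_t arena_used;

static void arena_reset(void)
{
    memset(arena, 0xA5, sizeof arena);  /* model a previously used heap block */
    arena_used = 0;
}

static void *arena_alloc(size_t n)
{
    n = (n + 15) & ~(size_t)15;         /* keep every allocation 16-byte aligned */
    if (arena_used + n > sizeof arena)
        return NULL;
    void *p = arena + arena_used;
    arena_used += n;
    return p;
}

/* Bug class from the Binutils entries: the struct is allocated, some fields are
 * filled in, but the_bfd is never written and keeps whatever bytes were there.
 * Downstream code cannot tell "never set" from "valid pointer". */
static struct fake_asymbol *make_symbol_uninitialized(const char *name, long value)
{
    struct fake_asymbol *s = arena_alloc(sizeof *s);
    if (!s)
        return NULL;
    s->name = name;
    s->value = value;
    /* s->the_bfd deliberately left untouched */
    return s;
}

/* Hardened constructor: zero the whole struct before filling it, so a missing
 * owner is an honest NULL that callers can check for. */
static struct fake_asymbol *make_symbol_initialized(const char *name, long value,
                                                    struct fake_bfd *owner)
{
    struct fake_asymbol *s = arena_alloc(sizeof *s);
    if (!s)
        return NULL;
    memset(s, 0, sizeof *s);            /* what calloc() or a designated initializer gives you */
    s->name = name;
    s->value = value;
    s->the_bfd = owner;
    return s;
}

/* Consumer that handles ownerless symbols explicitly. The NULL check only helps
 * on an initialized struct; on the uninitialized one the stale pointer passes
 * the check and the dereference is the crash the advisories describe. */
static const char *symbol_owner_name(const struct fake_asymbol *s)
{
    if (s->the_bfd == NULL)
        return "<synthetic>";
    return s->the_bfd->filename;
}

/* Returns 1 when the stale the_bfd slips past a NULL check (it does). */
int uninitialized_owner_passes_null_check(void)
{
    arena_reset();
    struct fake_asymbol *s = make_symbol_uninitialized("_start", 0x1000);
    return s != NULL && s->the_bfd != NULL;
}

const char *initialized_synthetic_owner(void)
{
    arena_reset();
    struct fake_asymbol *s = make_symbol_initialized("_start", 0x1000, NULL);
    return symbol_owner_name(s);        /* "<synthetic>" */
}

const char *initialized_real_owner(void)
{
    static struct fake_bfd obj = { "a.out" };
    arena_reset();
    struct fake_asymbol *s = make_symbol_initialized("_start", 0x1000, &obj);
    return symbol_owner_name(s);        /* "a.out" */
}

int main(void)
{
    printf("stale the_bfd passes NULL check: %d\n", uninitialized_owner_passes_null_check());
    printf("initialized, no owner: %s\n", initialized_synthetic_owner());
    printf("initialized, real owner: %s\n", initialized_real_owner());
    return 0;
}
```

Build with `cc -O2 -Wall example.c`. The compiler does not warn here, because the read of `the_bfd` happens in a different function from the allocation, which is why this class survives into releases; the practical controls are zero-initializing at allocation (calloc, designated initializers, or the explicit memset above) and running fuzz inputs under MemorySanitizer or valgrind, which report the read of never-written memory directly.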