‼ CVE-2023-39049 ‼
via "National Vulnerability Database".
An information leak in youmart-tokunaga v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
‼ CVE-2023-39046 ‼
via "National Vulnerability Database".
An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
‼ CVE-2023-41599 ‼
via "National Vulnerability Database".
An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal.
‼ CVE-2023-40788 ‼
via "National Vulnerability Database".
SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs.
‼ CVE-2023-5060 ‼
via "National Vulnerability Database".
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1.
‼ CVE-2022-28357 ‼
via "National Vulnerability Database".
NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account.
‼ CVE-2023-42399 ‼
via "National Vulnerability Database".
Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0-beta.86 allows a remote attacker to obtain sensitive information via the rich text editor component.
‼ CVE-2021-26837 ‼
via "National Vulnerability Database".
SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute arbitrary code, escalate privileges, and gain sensitive information.
🕴 'ShroudedSnooper' Backdoors Use Ultra-Stealth in Mideast Telecom Attacks 🕴
via "Dark Reading".
The threat cluster hasn't been seen before, but its custom Windows server backdoors have researchers intrigued thanks to their extremely effective stealth mechanisms.
‼ CVE-2023-0773 ‼
via "National Vulnerability Database".
The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.
‼ CVE-2023-2567 ‼
via "National Vulnerability Database".
A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way.
‼ CVE-2023-32184 ‼
via "National Vulnerability Database".
An Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen. This issue affects opensuse-welcome: from 0.1 before 0.1.9+git.35.4b9444a.
‼ CVE-2023-32649 ‼
via "National Vulnerability Database".
A Denial of Service (DoS) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets. During the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed.
‼ CVE-2023-32186 ‼
via "National Vulnerability Database".
An Allocation of Resources Without Limits or Throttling vulnerability in SUSE RKE2 allows attackers with access to K3s servers apiserver/supervisor port (TCP 6443) to cause denial of service. This issue affects RKE2: from 1.24.0 before 1.24.17+rke2r1, from v1.25.0 before v1.25.13+rke2r1, from v1.26.0 before v1.26.8+rke2r1, from v1.27.0 before v1.27.5+rke2r1, from v1.28.0 before v1.28.1+rke2r1.
‼ CVE-2023-29245 ‼
via "National Vulnerability Database".
A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application by sending specially crafted malicious network packets. Malicious users with extensive knowledge on the underlying system may be able to extract arbitrary information from the DBMS in an uncontrolled way, or to alter its structure and data.
🦿 How to Create and Use a Docker Secret From a File 🦿
via "Tech Republic".
Learn how to create and use a Docker secret from a file for secure storage of sensitive data with this step-by-step tutorial.
🦿 How to Create and Use a Docker Secret From a File (+Video) 🦿
via "Tech Republic".
In this step-by-step tutorial, learn how to create and use a Docker secret to help keep your data secure.
🕴 Engineering-Grade OT Protection 🕴
via "Dark Reading".
The worst-case consequences of cyberattacks are sharply, qualitatively different on IT versus OT networks.
‼ CVE-2022-47557 ‼
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions.
‼ CVE-2022-47554 ‼
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Exposure of sensitive information in ekorCCP and ekorRCI, potentially allowing a remote attacker to obtain critical information from various .xml files, including .xml files containing credentials, without being authenticated within the web server.
‼ CVE-2022-47553 ‼
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Incorrect authorisation in ekorCCP and ekorRCI, which could allow a remote attacker to obtain resources with sensitive information for the organisation, without being authenticated within the web server.