βΌ CVE-2023-38718 βΌ
π Read
via "National Vulnerability Database".
IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3596 βΌ
π Read
via "National Vulnerability Database".
An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39677 βΌ
π Read
via "National Vulnerability Database".
MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42321 βΌ
π Read
via "National Vulnerability Database".
Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43134 βΌ
π Read
via "National Vulnerability Database".
There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42335 βΌ
π Read
via "National Vulnerability Database".
Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component.π Read
via "National Vulnerability Database".
π¦Ώ CrowdStrike Fal.Con 2023: CrowdStrike Brings AI and Cloud Application Security to Falcon π¦Ώ
π Read
via "Tech Republic".
At CrowdStrike Fal.Con 2023, CrowdStrike announced a new Falcon Raptor release with generative-AI capabilities and the acquisition of Bionic.π Read
via "Tech Republic".
TechRepublic
CrowdStrike Fal.Con 2023: CrowdStrike Brings AI and Cloud Application Security to Falcon
At CrowdStrike Fal.Con 2023, CrowdStrike announced a new Falcon Raptor release with generative-AI capabilities and the acquisition of Bionic.
π΄ GitLab Users Advised to Update Against Critical Flaw Immediately π΄
π Read
via "Dark Reading".
The bug has a CVSS score of 9.6 and allows unauthorized users to compromise private repositories. π Read
via "Dark Reading".
Dark Reading
GitLab Users Advised to Update Against Critical Flaw Immediately
The bug has a CVSS score of 9.6 and allows unauthorized users to compromise private repositories.
π1
π΄ Will Generative AI Kill the Nigerian Prince Scam? π΄
π Read
via "Dark Reading".
A linguist analyzes whether GPT will improve the notoriously agrammatical scam β or finally render it a thing of the past.π Read
via "Dark Reading".
Dark Reading
Will Generative AI Kill the Nigerian Prince Scam?
A linguist analyzes whether GPT will improve the notoriously agrammatical scam β or finally render it a thing of the past.
βΌ CVE-2023-34575 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and OpartSaveCartDefaultModuleFrontController::displayAjaxSendCartByEmail() methods.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-37279 βΌ
π Read
via "National Vulnerability Database".
Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer from denial of service by a crafted malicious url query param `days`. The vulnerability is related to how the backend reads the `days` URL query parameter in the Faktory web dashboard. The value is used directly without any checks to create a string slice. If a very large value is provided, the backend server ends up using a significant amount of memory and causing it to crash. Version 1.8.0 fixes this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36234 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attackers to execute arbitrary code via Name field in device-roles/add function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43135 βΌ
π Read
via "National Vulnerability Database".
There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39675 βΌ
π Read
via "National Vulnerability Database".
SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability via the key parameter at send.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36109 βΌ
π Read
via "National Vulnerability Database".
Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c.π Read
via "National Vulnerability Database".
π¦Ώ Retailers Are Rapidly Scaling Surveillance of Australian Consumers β Why This Is a Red Flag π¦Ώ
π Read
via "Tech Republic".
Australian retailers are rolling out mass surveillance solutions to combat shoplifting, but a poor regulatory environment could mean high risks associated with data security and privacy.π Read
via "Tech Republic".
TechRepublic
Retailers Are Rapidly Scaling Surveillance of Australian Consumers β Why This Is a Red Flag
Australian retailers are rolling out solutions that allow them to track shoppersβ every movement. This is a privacy and security red flag.
βΌ CVE-2023-4291 βΌ
π Read
via "National Vulnerability Database".
Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface without authentication.Γ This could lead to a full compromise of the FDS101 device.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4152 βΌ
π Read
via "National Vulnerability Database".
Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables an remote attacker to read all files on the filesystem of the FDS101 device.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5104 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0.π Read
via "National Vulnerability Database".
βΌ CVE-2015-8371 βΌ
π Read
via "National Vulnerability Database".
Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side build process. The issue occurs because of the way that dist packages are cached. The cache key is derived from the package name, the dist type, and certain other data from the package repository (which may simply be a commit hash, and thus can be found by an attacker). Versions through 1.0.0-alpha11 are affected, and 1.0.0 is unaffected.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43669 βΌ
π Read
via "National Vulnerability Database".
The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount of data for each parse attempt (e.g., millions of bytes).π Read
via "National Vulnerability Database".