π¦Ώ Retailers Are Rapidly Scaling Surveillance of Australian Consumers β Why This Is a Red Flag π¦Ώ
π Read
via "Tech Republic".
Australian retailers are rolling out mass surveillance solutions to combat shoplifting, but a poor regulatory environment could mean high risks associated with data security and privacy.π Read
via "Tech Republic".
TechRepublic
Retailers Are Rapidly Scaling Surveillance of Australian Consumers β Why This Is a Red Flag
Australian retailers are rolling out solutions that allow them to track shoppersβ every movement. This is a privacy and security red flag.
βΌ CVE-2023-4291 βΌ
π Read
via "National Vulnerability Database".
Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface without authentication.Γ This could lead to a full compromise of the FDS101 device.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4152 βΌ
π Read
via "National Vulnerability Database".
Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables an remote attacker to read all files on the filesystem of the FDS101 device.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5104 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0.π Read
via "National Vulnerability Database".
βΌ CVE-2015-8371 βΌ
π Read
via "National Vulnerability Database".
Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side build process. The issue occurs because of the way that dist packages are cached. The cache key is derived from the package name, the dist type, and certain other data from the package repository (which may simply be a commit hash, and thus can be found by an attacker). Versions through 1.0.0-alpha11 are affected, and 1.0.0 is unaffected.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43669 βΌ
π Read
via "National Vulnerability Database".
The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount of data for each parse attempt (e.g., millions of bytes).π Read
via "National Vulnerability Database".
βΌ CVE-2018-5478 βΌ
π Read
via "National Vulnerability Database".
Contao 3.x before 3.5.32 allows XSS via the unsubscribe module in the frontend newsletter extension.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39252 βΌ
π Read
via "National Vulnerability Database".
Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4760 βΌ
π Read
via "National Vulnerability Database".
In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component.The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. As soon as this finds a / in the path, everything before it is removed, but potentially \ (backslashes) coming further back are kept.For example, a file name such as /..\..\webapps\shell.war can be used to upload a file to a Tomcat server under Windows, which is then saved as ..\..\webapps\shell.war in its webapps directory and can then be executed.π Read
via "National Vulnerability Database".
βΌ CVE-2015-5467 βΌ
π Read
via "National Vulnerability Database".
web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameeter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4292 βΌ
π Read
via "National Vulnerability Database".
Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a SQL injection vulnerability via manipulated parameters of the web interface without authentication. The database contains limited, non-critical log information.π Read
via "National Vulnerability Database".
π΄ Understanding the Differences Between On-Premises and Cloud Cybersecurity π΄
π Read
via "Dark Reading".
The nature of cloud environments means security and technical teams need a different mindset to understand and manage their new attack surface.π Read
via "Dark Reading".
Dark Reading
Understanding the Differences Between On-Premises and Cloud Cybersecurity
The nature of cloud environments means security and technical teams need a different mindset to understand and manage their new attack surface.
βΌ CVE-2023-43238 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in form2Dhcpip.cgi.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43240 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43237 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43241 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter TXPower and GuardInt in SetWLanRadioSecurity.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43236 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43239 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43235 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter StartTime and EndTime in SetWifiDownSettings.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43242 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList in form2IPQoSTcDel.π Read
via "National Vulnerability Database".
π¦Ώ Top 5 Ways to Secure Work Data on Your Personal Mac π¦Ώ
π Read
via "Tech Republic".
Worried about work data security on your personal Mac? In this article, we'll discuss the best strategies to keep your work data secure on your Mac.π Read
via "Tech Republic".
TechRepublic
Top 5 Ways to Secure Work Data on Your Personal Mac
Worried about work data security on your personal Mac? We'll discuss the best strategies to keep your work data secure on your Mac.