CVE-2023-3413
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to read the source code of a project through a fork created before changing visibility to only project members.
CVE-2023-3917
via "National Vulnerability Database".
Denial of Service in pipelines affecting all versions of GitLab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to cause pipelines to fail.
CVE-2023-3920
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible for a maintainer to create a fork relationship between existing projects, contrary to the documentation.
CVE-2023-26148
via "National Vulnerability Database".
All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user input is used to set request headers. An attacker can add the \r\n (carriage return and line feed) characters and inject additional headers into the request sent.
CVE-2023-30591
via "National Vulnerability Database".
Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash when `eventName.startsWith()` or `eventName.toString()` is invoked while processing Socket.IO messages, via crafted Socket.IO messages containing an array or object type for the event name respectively.
CVE-2023-32477
via "National Vulnerability Database".
Dell Common Event Enabler 8.9.8.2 for Windows and prior contains an improper access control vulnerability. A local low-privileged malicious user may potentially exploit this vulnerability to gain elevated privileges.
CVE-2023-44469
via "National Vulnerability Database".
A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770.
CVE-2023-3115
via "National Vulnerability Database".
An issue has been discovered in GitLab EE affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members accessing public members-only project repositories.
CVE-2023-26146
via "National Vulnerability Database".
All versions of the package ithewei/libhv are vulnerable to Cross-site Scripting (XSS) such that when a file with a name containing a malicious payload is served by the application, the filename is displayed without proper sanitization when it is rendered.
Protect Your Passwords for Life for Just $30
via "Tech Republic".
Automatically create and save passwords, fill in forms and logins, even securely share passwords and sync across all of your devices via WiFi.
Get 2 Lifetime Password Manager Subscriptions for Only $50
Save your business time and money with Sticky Password Premium and get this two-account bundle for $49.99 at TechRepublic Academy.
Censys Reveals Open Directories Share More Than 2,000 TB of Unprotected Data
via "Tech Republic".
These open directories could leak sensitive data, intellectual property or technical data and let an attacker compromise the entire system. Follow these security best practices for open directories.
Best SIEM Tools and Software for 2023
via "Tech Republic".
Looking for the best SIEM tool? Check out our list and find the security information and event management solution that fits your business needs.
Best SIEM Tools: Top Solutions for Enhanced Security
SIEM tools are essential for real-time threat detection and incident response. Discover the best SIEM tools to enhance your security strategy.
Should your business worry about North Korean cyber attacks?
via "ITPro".
The threat from North Korea should not be overlooked. What are its aims and how does it stack up against Russia and China?
QR Code 101: What the Threats Look Like
via "Dark Reading".
Because QR codes can be used for phishing as easily as an email or text can, organizations must remain vigilant when dealing with them.
CVE-2023-5196
via "National Vulnerability Database".
Mattermost fails to enforce character limits in all possible notification props, allowing an attacker to send a very long value for a notification_prop, resulting in the server consuming an abnormal quantity of computing resources and possibly becoming temporarily unavailable for its users.
CVE-2023-5257
via "National Vulnerability Database".
A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. It has been rated as problematic. Affected by this issue is the function handleFileRequest of the file src/main/java/com/feihong/ldap/HTTPServer.java. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. VDB-240866 is the identifier assigned to this vulnerability.
CVE-2023-5194
via "National Vulnerability Database".
Mattermost fails to properly validate permissions when demoting and deactivating a user, allowing a system/user manager to demote or deactivate another manager.
CVE-2023-5159
via "National Vulnerability Database".
Mattermost fails to properly verify the permissions when managing/updating a bot, allowing a User Manager role with user edit permissions to manage/update bots.
CVE-2023-5193
via "National Vulnerability Database".
Mattermost fails to properly check permissions when retrieving a post, allowing a System Role with the permission to manage channels to read the posts of a DM conversation.
CVE-2023-5195
via "National Vulnerability Database".
Mattermost fails to properly validate the permissions when soft deleting a team, allowing a team member to soft delete other teams that they are not part of.
Cisco issues eight separate security advisories alerting customers to array of vulnerabilities
via "ITPro".
The advisory marks the end of a troubling week for Cisco with regard to security concerns.