CVE-2023-4401
via "National Vulnerability Database".
Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the 'more' command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access.
CVE-2023-5423
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirm_order. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-241384.
CVE-2023-43073
via "National Vulnerability Database".
Dell SmartFabric Storage Software v1.4 (and earlier) contains an Improper Input Validation vulnerability in RADIUS configuration. An authenticated remote attacker could potentially exploit this vulnerability, leading to gaining unauthorized access to data.
CVE-2023-42754
via "National Vulnerability Database".
A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.
CVE-2023-43071
via "National Vulnerability Database".
Dell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML injection or CSV formula injection which might escalate to cross-site scripting attacks in HTML pages in the GUI. A remote authenticated attacker could potentially exploit these issues, leading to various injection type attacks.
CVE-2023-41175
via "National Vulnerability Database".
A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
CVE-2023-42755
via "National Vulnerability Database".
A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.
CVE-2023-32485
via "National Vulnerability Database".
Dell SmartFabric Storage Software version 1.3 and lower contains an improper input validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability and escalate privileges up to the highest administration level. This is a critical severity vulnerability affecting user authentication. Dell recommends that customers upgrade at the earliest opportunity.
CVE-2023-43260
via "National Vulnerability Database".
Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel.
CVE-2023-5346
via "National Vulnerability Database".
Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-43069
via "National Vulnerability Database".
Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker.
CVE-2023-43070
via "National Vulnerability Database".
Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the HTTP interface. A remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to modify or write arbitrary files to arbitrary locations in the license container.
CVE-2023-43068
via "National Vulnerability Database".
Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands.
CVE-2023-44386
via "National Vulnerability Database".
Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2.
CVE-2023-43072
via "National Vulnerability Database".
Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local, possibly unauthenticated attacker could potentially exploit this vulnerability, leading to the ability to execute arbitrary shell commands.
CVE-2023-44387
via "National Vulnerability Database".
Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too many permissions, given that symlinks are usually world readable and writable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depending on where build artifacts end up being copied to or un-archived. In versions 7.6.3, 8.4 and above, Gradle will now properly use the permissions of the file pointed at by the symlink to set permissions of the copied or archived file.
Group-IB: 'GoldDigger' Banking Trojan Targets Vietnamese Organizations
via "Dark Reading".
The malware uses software to evade detection while also making it difficult to analyze.
Madagascar Drops Predator Spyware on Citizens in Watering Hole Attack
via "Dark Reading".
The Predator spyware was distributed by dropping malicious links inside typosquatted facsimiles of news websites.
Microsoft Redesigns OneDrive for Business Layout
via "Tech Republic".
Microsoft OneDrive is adding new SharePoint features and will let the Copilot AI summarize and interpret files.
10 Routine Security Gaffes the Feds Are Begging You to Fix
via "Dark Reading".
Here are the most common misconfigurations plaguing large organizations, according to a new joint cybersecurity advisory.
Legions of Critical Infrastructure Devices Subject to Cyber Targeting
via "Dark Reading".
Nearly 100,000 ICS devices have been found open to the public Internet, potentially threatening physical safety globally. Here's how to quantify the risk.