‼ CVE-2023-5346 ‼
📖 Read
via "National Vulnerability Database".
Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43069 ‼
📖 Read
via "National Vulnerability Database".
Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43070 ‼
📖 Read
via "National Vulnerability Database".
Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the HTTP interface. A remote authenticated attacker could potentially exploit this vulnerability, leading to modify or write arbitrary files to arbitrary locations in the license container.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43068 ‼
📖 Read
via "National Vulnerability Database".
Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44386 ‼
📖 Read
via "National Vulnerability Database".
Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43072 ‼
📖 Read
via "National Vulnerability Database".
Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44387 ‼
📖 Read
via "National Vulnerability Database".
Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too much permissions given that symlinks usually are world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depending on where build artifacts end up being copied to or un-archived. In versions 7.6.3, 8.4 and above, Gradle will now properly use the permissions of the file pointed at by the symlink to set permissions of the copied or archived file.📖 Read
via "National Vulnerability Database".
🕴 Group-IB: 'GoldDigger' Banking Trojan Targets Vietnamese Organizations 🕴
📖 Read
via "Dark Reading".
The malware uses software to evade detection while also making it difficult to analyze.📖 Read
via "Dark Reading".
Dark Reading
Group-IB: 'GoldDigger' Banking Trojan Targets Vietnamese Organizations
The malware uses software to evade detection while also making it difficult to analyze.
🕴 Madagascar Drops Predator Spyware on Citizens in Watering Hole Attack 🕴
📖 Read
via "Dark Reading".
The Predator spyware was distributed by dropping malicious links inside typosquatted facsimiles of news websites.📖 Read
via "Dark Reading".
Dark Reading
Madagascar Drops Predator Spyware on Citizens in Watering Hole Attack
The Predator spyware was distributed by dropping malicious links inside typosquatted facsimiles of news websites.
🦿 Microsoft Redesigns OneDrive for Business Layout 🦿
📖 Read
via "Tech Republic".
Microsoft OneDrive is adding new SharePoint features and will let the Copilot AI summarize and interpret files.📖 Read
via "Tech Republic".
TechRepublic
Microsoft Redesigns OneDrive for Business Layout
Microsoft OneDrive is adding new SharePoint features and will let the Copilot AI summarize and interpret files.
🕴 10 Routine Security Gaffes the Feds Are Begging You to Fix 🕴
📖 Read
via "Dark Reading".
Here are the most common misconfigurations plaguing large organizations, according to a new joint cybersecurity advisory. 📖 Read
via "Dark Reading".
Dark Reading
10 Routine Security Gaffes the Feds Are Begging You to Fix
Here are the most common misconfigurations plaguing large organizations, according to a new joint cybersecurity advisory.
🕴 Legions of Critical Infrastructure Devices Subject to Cyber Targeting 🕴
📖 Read
via "Dark Reading".
Nearly 100,000 ICS devices have been found open to the public Internet, potentially threatening physical safety globally. Here's how to quantify the risk.📖 Read
via "Dark Reading".
Dark Reading
Legions of Critical Infrastructure Devices Subject to Cyber Targeting
Nearly 100,000 ICS devices have been found open to the public Internet, potentially threatening physical safety globally. Here's how to quantify the risk.
🕴 'Operation Jacana' Reveals DinodasRAT Custom Backdoor 🕴
📖 Read
via "Dark Reading".
The previously undocumented data exfiltration malware was part of a successful cyber-espionage campaign against the Guyanese government, likely by the Chinese.📖 Read
via "Dark Reading".
Dark Reading
'Operation Jacana' Reveals DinodasRAT Custom Backdoor
The previously undocumented data exfiltration malware was part of a successful cyber-espionage campaign against the Guyanese government, likely by the Chinese.
‼ CVE-2023-5441 ‼
📖 Read
via "National Vulnerability Database".
NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40920 ‼
📖 Read
via "National Vulnerability Database".
Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts().📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44024 ‼
📖 Read
via "National Vulnerability Database".
SQL injection vulnerability in KnowBand Module One Page Checkout, Social Login & Mailchimp (supercheckout) v.8.0.3 and before allows a remote attacker to execute arbitrary code via a crafted request to the updateCheckoutBehaviour function in the supercheckout.php component.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39323 ‼
📖 Read
via "National Vulnerability Database".
Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43981 ‼
📖 Read
via "National Vulnerability Database".
Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component delete_excluded_folder.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43284 ‼
📖 Read
via "National Vulnerability Database".
An issue in D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 firmware version 100A53DBR-Retail allows a remote attacker to execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43983 ‼
📖 Read
via "National Vulnerability Database".
Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40556 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Greg Ross Schedule Posts Calendar plugin <=Â 5.2 versions.📖 Read
via "National Vulnerability Database".
❤1