βΌ CVE-2023-41732 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Blocks plugin <=Γ 1.0.20 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41950 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Laposta - Roel Bousardt Laposta Signup Basic plugin <=Γ 1.4.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38703 βΌ
π Read
via "National Vulnerability Database".
PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not synchronized with its lower level transport that may introduce use-after-free issue. This vulnerability affects applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media transport other than UDP. This vulnerabilityΓ’β¬β’s impact may range from unexpected application termination to control flow hijack/memory corruption. The patch is available as a commit in the master branch.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42445 βΌ
π Read
via "National Vulnerability Database".
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files it generated or were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle. In Gradle 7.6.3 and 8.4, resolving XML external entities has been disabled for all use cases to protect against this vulnerability. Gradle will now refuse to parse XML files that have XML external entities.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35897 βΌ
π Read
via "National Vulnerability Database".
IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246.π Read
via "National Vulnerability Database".
π΄ Suspected Crime Gang Hacks Israeli President's Telegram Account π΄
π Read
via "Dark Reading".
The encrypted messaging app was hacked in the wake of an online scam before access was "swiftly restored."π Read
via "Dark Reading".
Dark Reading
Suspected Crime Gang Hacks Israeli President's Telegram Account
The encrypted messaging app was hacked in the wake of an online scam before access was "swiftly restored."
π΄ 23andMe Cyberbreach Exposes DNA Data, Potential Family Ties π΄
π Read
via "Dark Reading".
The information leaked in the breach involves personally identifiable information as well as genetic ancestry data, potential relatives, and geolocations.π Read
via "Dark Reading".
Dark Reading
23andMe Cyberbreach Exposes DNA Data, Potential Family Ties
The information leaked in the breach involves personally identifiable information as well as genetic ancestry data, potential relatives, and geolocations.
βΌ CVE-2023-44243 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Dylan Blokhuis Instant CSS plugin <=Γ 1.2.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23370 βΌ
π Read
via "National Vulnerability Database".
An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors.We have already fixed the vulnerability in the following version:QVPN Windows 2.1.0.0518 and laterπ Read
via "National Vulnerability Database".
βΌ CVE-2023-44807 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23365 βΌ
π Read
via "National Vulnerability Database".
A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network.We have already fixed the vulnerability in the following version:Music Station 5.3.22 and laterπ Read
via "National Vulnerability Database".
βΌ CVE-2023-44233 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best WordPress Gallery Plugin Γ’β¬β FooGallery plugin <=Γ 2.2.44 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32971 βΌ
π Read
via "National Vulnerability Database".
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.We have already fixed the vulnerability in the following versions:QTS 5.0.1.2425 build 20230609 and laterQTS 5.1.0.2444 build 20230629 and laterQTS 4.5.4.2467 build 20230718 and laterQuTS hero h5.0.1.2515 build 20230907 and laterQuTS hero h5.1.0.2424 build 20230609 and laterQuTS hero h4.5.4.2476 build 20230728 and laterQuTScloud c5.1.0.2498 and laterπ Read
via "National Vulnerability Database".
βΌ CVE-2023-32972 βΌ
π Read
via "National Vulnerability Database".
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.We have already fixed the vulnerability in the following versions:QTS 5.0.1.2425 build 20230609 and laterQTS 5.1.0.2444 build 20230629 and laterQTS 4.5.4.2467 build 20230718 and laterQuTS hero h5.0.1.2515 build 20230907 and laterQuTS hero h5.1.0.2424 build 20230609 and laterQuTS hero h4.5.4.2476 build 20230728 and laterQuTScloud c5.1.0.2498 and laterπ Read
via "National Vulnerability Database".
βΌ CVE-2023-23366 βΌ
π Read
via "National Vulnerability Database".
A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network.We have already fixed the vulnerability in the following version:Music Station 5.3.22 and laterπ Read
via "National Vulnerability Database".
βΌ CVE-2023-39928 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23371 βΌ
π Read
via "National Vulnerability Database".
A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors.We have already fixed the vulnerability in the following version:QVPN Windows 2.2.0.0823 and laterπ Read
via "National Vulnerability Database".
π¦Ώ IPVanish VPN Review (2023): Features, Pricing, and Security π¦Ώ
π Read
via "Tech Republic".
Read our comprehensive review of IPVanish VPN. Discover its features, pricing, and more to determine if it meets your online security and privacy needs.π Read
via "Tech Republic".
TechRepublic
IPVanish VPN Review: Is it Really as Secure as Claimed?
Read our comprehensive review of IPVanish VPN. Discover its features, pricing, and more to determine if it meets your online security and privacy needs.
π΄ Predictive Analysis Can Reduce Risks Associated With Data Breaches π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Predictive Analysis Can Reduce Risks Associated With Data Breaches
PRESS RELEASE
π΄ Cybersecurity Funding Rises by 21% in Q3 2023, Pinpoint Search Group's Report Indicates π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Cybersecurity Funding Rises by 21% in Q3 2023, Pinpoint Search Group's Report Indicates
PRESS RELEASE