🕴 RIT Is the First University to Receive Support From the Google Cybersecurity Clinics Fund 🕴
📖 Read
via "Dark Reading".
📖 Read
via "Dark Reading".
Dark Reading
RIT Is the First University to Receive Support From the Google Cybersecurity Clinics Fund
PRESS RELEASE
‼ CVE-2023-21266 ‼
📖 Read
via "National Vulnerability Database".
In killBackgroundProcesses of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5366 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21291 ‼
📖 Read
via "National Vulnerability Database".
In visitUris of Notification.java, there is a possible way to reveal image contents from another user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5214 ‼
📖 Read
via "National Vulnerability Database".
In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21244 ‼
📖 Read
via "National Vulnerability Database".
In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-45282 ‼
📖 Read
via "National Vulnerability Database".
In NASA Open MCT (aka openmct) 2.2.5 before 545a177, prototype pollution can occur via an import action.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21253 ‼
📖 Read
via "National Vulnerability Database".
In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-45303 ‼
📖 Read
via "National Vulnerability Database".
ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44384 ‼
📖 Read
via "National Vulnerability Database".
Discourse-jira is a Discourse plugin allows Jira projects, issue types, fields and field options will be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the `discourse_jira_verbose_log` site setting. A moderator user could manipulate the request path to the Jira API, allowing them to perform arbitrary GET requests using the Jira API credentials, potentially with elevated permissions, used by the application.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21252 ‼
📖 Read
via "National Vulnerability Database".
In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-45239 ‼
📖 Read
via "National Vulnerability Database".
A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server.📖 Read
via "National Vulnerability Database".
🕴 WatchGuard Threat Lab Report Finds Endpoint Malware Volumes Decreasing Despite Campaigns Growing More Expansive 🕴
📖 Read
via "Dark Reading".
📖 Read
via "Dark Reading".
Dark Reading
WatchGuard Threat Lab Report Finds Endpoint Malware Volumes Decreasing Despite Campaigns Growing More Expansive
PRESS RELEASE
🕴 Too Rich To Ransomware? MGM Brushes Off $100M in Losses 🕴
📖 Read
via "Dark Reading".
MGM wins big bet that days of operations outages is better business than paying a ransom, following last month's data breach.📖 Read
via "Dark Reading".
Dark Reading
Too Rich to Ransomware? MGM Brushes Off $100M in Losses
MGM wins big bet that choosing days of operations outages is a better business decision than paying a ransom, following last month's data breach.
‼ CVE-2023-5452 ‼
📖 Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-45311 ‼
📖 Read
via "National Vulnerability Database".
fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that was obtained from that URL at a time when it was controlled by an adversary.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3725 ‼
📖 Read
via "National Vulnerability Database".
Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34355 ‼
📖 Read
via "National Vulnerability Database".
IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. IBM X-Force ID: 230498.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2023-45199 ‼
📖 Read
via "National Vulnerability Database".
Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5182 ‼
📖 Read
via "National Vulnerability Database".
Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36123 ‼
📖 Read
via "National Vulnerability Database".
Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, allows local attackers to execute arbitrary code and gain sensitive information.📖 Read
via "National Vulnerability Database".