βΌ CVE-2023-43786 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44763 βΌ
π Read
via "National Vulnerability Database".
Concrete CMS v9.2.1 is affected by Arbitrary File Upload vulnerability via the Thumbnail" file upload, which allows Cross-Site Scripting (XSS).π Read
via "National Vulnerability Database".
βΌ CVE-2023-5450 βΌ
π Read
via "National Vulnerability Database".
An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process.Γ Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41964 βΌ
π Read
via "National Vulnerability Database".
The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables.Γ Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39447 βΌ
π Read
via "National Vulnerability Database".
When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log.Γ Γ Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40542 βΌ
π Read
via "National Vulnerability Database".
When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization.Γ Note: Software versions which have reached End of Technical Support (EoTS) are not evaluatedπ Read
via "National Vulnerability Database".
βΌ CVE-2023-42768 βΌ
π Read
via "National Vulnerability Database".
When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP non-admin user can still have access to iControl REST admin resource.Γ Γ Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45219 βΌ
π Read
via "National Vulnerability Database".
Exposure of Sensitive Information vulnerability exist in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information.Γ Γ Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40537 βΌ
π Read
via "National Vulnerability Database".
An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform.Γ Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41373 βΌ
π Read
via "National Vulnerability Database".
A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary.Γ Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.π Read
via "National Vulnerability Database".
π΄ Old-School Attacks Are Still a Danger, Despite Newer Techniques π΄
π Read
via "Dark Reading".
The cold, hard truth? Cybercriminals are still perpetuating plenty of unsophisticated attacks for a simple reason: They work.π Read
via "Dark Reading".
Dark Reading
Old-School Attacks Are Still a Danger, Despite Newer Techniques
The cold, hard truth? Cybercriminals are still perpetuating plenty of unsophisticated attacks for a simple reason: They work.
π¦Ώ Australia, New Zealand Enterprises Spend Big on Security β But Will It Be Enough? π¦Ώ
π Read
via "Tech Republic".
Australian and New Zealand businesses will increase spending on cybersecurity by double digitsβ¦ but they might not be able to spend their way to safety.π Read
via "Tech Republic".
TechRepublic
Australia, New Zealand Enterprises Spend Big on Security β But Will It Be Enough?
Australian and New Zealand businesses will increase spending on cybersecurity, but they might not be able to spend their way to safety.
βΌ CVE-2023-5490 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This vulnerability affects unknown code of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-241642 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30801 βΌ
π Read
via "National Vulnerability Database".
All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the "external program" feature in the web user interface. This was reportedly exploited in the wild in March 2023.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44470 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Kvvaradha Kv TinyMCE Editor Add Fonts plugin <=Γ 1.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44476 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Andres Felipe Perea V. CopyRightPro plugin <=Γ 2.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5499 βΌ
π Read
via "National Vulnerability Database".
Information exposure vulnerability in Shenzhen Reachfar v28, the exploitation of which could allow a remote attacker to retrieve all the week's logs stored in the 'log2' directory. An attacker could retrieve sensitive information such as remembered wifi networks, sent messages, SOS device locations and device configurations.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30802 βΌ
π Read
via "National Vulnerability Database".
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30804 βΌ
π Read
via "National Vulnerability Database".
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpn_html/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated attacker when paired with CVE-2023-30803.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44475 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin <=Γ 2.0.9 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44487 βΌ
π Read
via "National Vulnerability Database".
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.π Read
via "National Vulnerability Database".