New One-Click Exploit Is a Supply Chain Risk for Linux OSes
via Dark Reading (article title: One-Click 'Gnome' Exploit Is a Supply Chain Risk for Linux OSes)
An overlooked library contains a vulnerability that could enable full remote takeover simply by clicking a link.
Microsoft Patch Tuesday Haunted by Zero-Days, Wormable Bug
via Dark Reading
October's CVE update is here. Here's which security vulnerabilities to patch now to exorcise your Microsoft systems' demons.
Patch Tuesday, October 2023 Edition
via Krebs on Security
Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released emergency updates to quash a pair of zero-day bugs in iOS.
CVE-2023-26220
via National Vulnerability Database
The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analyst and Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 11.4.7 and below, versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4, versions 12.1.0 and 12.1.1 and Spotfire Server: versions 11.4.11 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, and 12.0.5, versions 12.1.0 and 12.1.1.
CVE-2023-36127
via National Vulnerability Database
User enumeration is found in PHPJabbers Appointment Scheduler 3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-36126
via National Vulnerability Database
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0.
A Frontline Report of Chinese Threat Actor Tactics and Techniques
via Dark Reading
Threat intel experts see a reduced focus on desktop malware as threat groups prioritize passwords and tokens that let them access the same systems as remote workers.
CVE-2023-5511
via National Vulnerability Database
Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.
CVE-2023-44689
via National Vulnerability Database
e-Gov Client Application (Windows version) versions prior to 2.1.1.0 and e-Gov Client Application (macOS version) versions prior to 1.1.1.0 are vulnerable to improper authorization in the handler for a custom URL scheme. A crafted URL may direct the product to access an arbitrary website. As a result, the user may become a victim of a phishing attack.
CVE-2023-45194
via National Vulnerability Database
Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 (-D/-K/-S/-DK/-DKS/-M/-W) firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication, when the affected product performs the communication without changing the pre-shared key from the factory-default configuration.
F5 Warns Australian IT of Social Engineering Risk Escalation Due to Generative AI
via Tech Republic
F5 says an artificial intelligence war could start between generative AI-toting bad actors and enterprises guarding data with AI. Australian IT teams will be caught in the crossfire.
CVE-2023-26318
via National Vulnerability Database
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Xiaomi Xiaomi Router allows Overflow Buffers.
CVE-2023-26320
via National Vulnerability Database
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection.
CVE-2022-44758
via National Vulnerability Database
BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An attacker can gain access to information that is not explicitly authorized.
CVE-2023-26319
via National Vulnerability Database
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection.
CVE-2023-37536
via National Vulnerability Database
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bounds access via HTTP request.
CVE-2023-42138
via National Vulnerability Database
Out-of-bounds read vulnerability exists in KV STUDIO Ver. 11.62 and earlier and KV REPLAY VIEWER Ver. 2.62 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user of KV STUDIO PLAYER open a specially crafted file.
CVE-2023-44997
via National Vulnerability Database
Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha plugin <= 4.1 versions.
CVE-2022-44757
via National Vulnerability Database
BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc.
CVE-2022-42451
via National Vulnerability Database
Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user.
CVE-2023-4990
via National Vulnerability Database
Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files.