‼ CVE-2023-41304 ‼
via "National Vulnerability Database".
Parameter verification vulnerability in the window module. Successful exploitation of this vulnerability may cause the size of an app window to be adjusted to that of a floating window.
‼ CVE-2023-44105 ‼
via "National Vulnerability Database".
Vulnerability of permissions not being strictly verified in the window management module. Successful exploitation of this vulnerability may cause features to perform abnormally.
‼ CVE-2023-44116 ‼
via "National Vulnerability Database".
Vulnerability of access permissions not being strictly verified in the APPWidget module. Successful exploitation of this vulnerability may cause some apps to run without being authorized.
‼ CVE-2023-44108 ‼
via "National Vulnerability Database".
Type confusion vulnerability in the distributed file module. Successful exploitation of this vulnerability may cause the device to restart.
‼ CVE-2023-44097 ‼
via "National Vulnerability Database".
Vulnerability of the permission to access device SNs being improperly managed. Successful exploitation of this vulnerability may affect service confidentiality.
‼ CVE-2023-44095 ‼
via "National Vulnerability Database".
Use-After-Free (UAF) vulnerability in the surfaceflinger module. Successful exploitation of this vulnerability can cause system crash.
‼ CVE-2023-37538 ‼
via "National Vulnerability Database".
HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).
‼ CVE-2023-44981 ‼
via "National Vulnerability Database".
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The instance part in SASL auth ID is optional and if it's missing, like 'eve@EXAMPLE.COM', the authorization check will be skipped. As a result an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree. Quorum Peer authentication is not enabled by default. Users are recommended to upgrade to version 3.9.1, 3.8.3, 3.7.2, which fixes the issue. Alternately ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue. See the documentation for more details on correct cluster administration.
‼ CVE-2023-44107 ‼
via "National Vulnerability Database".
Vulnerability of defects introduced in the design process in the screen projection module. Successful exploitation of this vulnerability may affect service availability and integrity.
‼ CVE-2023-44106 ‼
via "National Vulnerability Database".
API permission management vulnerability in the Fwk-Display module. Successful exploitation of this vulnerability may cause features to perform abnormally.
‼ CVE-2023-5520 ‼
via "National Vulnerability Database".
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
🕴 Reassessing the Impacts of Risk Management With NIST Framework 2.0 🕴
via "Dark Reading".
The latest NIST Cybersecurity Framework draft highlights four major themes that organizations should pay attention to for managing risk.
‼ CVE-2023-44110 ‼
via "National Vulnerability Database".
Out-of-bounds access vulnerability in the audio module. Successful exploitation of this vulnerability may affect availability.
‼ CVE-2023-44111 ‼
via "National Vulnerability Database".
Vulnerability of brute-force attacks on the device authentication module. Successful exploitation of this vulnerability may affect service confidentiality.
‼ CVE-2023-44100 ‼
via "National Vulnerability Database".
Broadcast permission control vulnerability in the Bluetooth module. Successful exploitation of this vulnerability may affect service confidentiality.
‼ CVE-2023-44104 ‼
via "National Vulnerability Database".
Broadcast permission control vulnerability in the Bluetooth module. Successful exploitation of this vulnerability may affect service confidentiality.
‼ CVE-2023-5521 ‼
via "National Vulnerability Database".
Incorrect Authorization in GitHub repository tiann/kernelsu prior to v0.6.9.
‼ CVE-2023-44118 ‼
via "National Vulnerability Database".
Vulnerability of undefined permissions in the MeeTime module. Successful exploitation of this vulnerability will affect availability and confidentiality.
🦿 How Australia's Banking Sector Can Embrace Cross-Collaboration to Combat the Scam Epidemic 🦿
via "Tech Republic".
The ACCC has given the green light for cross-banking collaboration to address scams. Here's how IT pros in financial services can take advantage of this opportunity.
🕴 Data Thieves Test-Drive Unique Certificate Abuse Tactic 🕴
via "Dark Reading".
An SEO poisoning campaign is spreading the RecordBreaker/Raccoon Stealer and LummaC2 infostealers by attempting to confound software certificate checks.
‼ CVE-2023-4957 ‼
via "National Vulnerability Database".
An authentication bypass vulnerability has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker on the same network as the printer to change the username and password for the Web Page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printer's protected mode must be disabled.