βΌ CVE-2023-37538 βΌ
π Read
via "National Vulnerability Database".
HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).π Read
via "National Vulnerability Database".
βΌ CVE-2023-44981 βΌ
π Read
via "National Vulnerability Database".
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The instance part in SASL auth ID is optional and if it's missing, like 'eve@EXAMPLE.COM', the authorization check will be skipped.Γ As a result an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree.Γ Quorum Peer authentication is not enabled by default.Users are recommended to upgrade to version 3.9.1, 3.8.3, 3.7.2, which fixes the issue.Alternately ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue.See the documentation for more details on correct cluster administration.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44107 βΌ
π Read
via "National Vulnerability Database".
Vulnerability of defects introduced in the design process in the screen projection module.Successful exploitation of this vulnerability may affect service availability and integrity.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44106 βΌ
π Read
via "National Vulnerability Database".
API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5520 βΌ
π Read
via "National Vulnerability Database".
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.π Read
via "National Vulnerability Database".
π΄ Reassessing the Impacts of Risk Management With NIST Framework 2.0 π΄
π Read
via "Dark Reading".
The latest NIST Cybersecurity Framework draft highlights four major themes that organizations should pay attention to for managing risk.π Read
via "Dark Reading".
Dark Reading
Reassessing the Impacts of Risk Management With NIST Framework 2.0
The latest NIST Cybersecurity Framework draft highlights four major themes that organizations should pay attention to for managing risk.
βΌ CVE-2023-44110 βΌ
π Read
via "National Vulnerability Database".
Out-of-bounds access vulnerability in the audio module.Successful exploitation of this vulnerability may affect availability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44111 βΌ
π Read
via "National Vulnerability Database".
Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44100 βΌ
π Read
via "National Vulnerability Database".
Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44104 βΌ
π Read
via "National Vulnerability Database".
Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5521 βΌ
π Read
via "National Vulnerability Database".
Incorrect Authorization in GitHub repository tiann/kernelsu prior to v0.6.9.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44118 βΌ
π Read
via "National Vulnerability Database".
Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this vulnerability will affect availability and confidentiality.π Read
via "National Vulnerability Database".
π¦Ώ How Australiaβs Banking Sector Can Embrace Cross-Collaboration to Combat the Scam Epidemic π¦Ώ
π Read
via "Tech Republic".
The ACCC has given the green light for cross-banking collaboration to address scams. Here's how IT pros in financial services can take advantage of this opportunity.π Read
via "Tech Republic".
TechRepublic
Australia's Banking Sector Can Embrace Cross-Collaboration to Combat Scams
The ACCC has given the green light for cross-banking collaboration to address scams. Here's how IT pros in financial services can take advantage of this opportunity.
π΄ Data Thieves Test-Drive Unique Certificate Abuse Tactic π΄
π Read
via "Dark Reading".
An SEO poisoning campaign is spreading the RecordBreaker/Raccoon Stealer and LummaC2 infostealers by attempting to confound software certificate checks.π Read
via "Dark Reading".
Dark Reading
Data Thieves Test-Drive Unique Certificate Abuse Tactic
An SEO poisoning campaign is spreading the RecordBreaker/Raccoon Stealer and LummaC2 infostealers by attempting to confound software certificate checks.
βΌ CVE-2023-4957 βΌ
π Read
via "National Vulnerability Database".
A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printers protected mode must be disabled.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45396 βΌ
π Read
via "National Vulnerability Database".
An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12.π Read
via "National Vulnerability Database".
π΄ Magecart Campaign Hijacks 404 Pages to Steal Data π΄
π Read
via "Dark Reading".
The novel technique helps hide the cybercriminal campaign's efforts to steal credit card information from visitors to major websites, and it represents an evolution for Magecart.π Read
via "Dark Reading".
Dark Reading
Magecart Campaign Hijacks 404 Pages to Steal Data
The novel technique helps hide the cybercriminal campaign's efforts to steal credit card information from visitors to major websites, and it represents an evolution for Magecart.
π΄ Addressing a Breach Starts With Getting Everyone on the Same Page π΄
π Read
via "Dark Reading".
The best incident-response plans cover contingencies and are fine-tuned in stress tests to ensure collaboration, remediation, and recovery efforts align. π Read
via "Dark Reading".
Dark Reading
Addressing a Breach Starts With Getting Everyone on the Same Page
The best incident-response plans cover contingencies and are fine-tuned in stress tests to ensure collaboration, remediation, and recovery efforts align.
βΌ CVE-2023-28381 βΌ
π Read
via "National Vulnerability Database".
An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35966 βΌ
π Read
via "National Vulnerability Database".
Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the realloc function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32645 βΌ
π Read
via "National Vulnerability Database".
A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability.π Read
via "National Vulnerability Database".