โผ CVE-2023-45608 โผ
๐ Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Nicola Modugno Smart Cookie Kit plugin <=ร 2.3.1 versions.๐ Read
via "National Vulnerability Database".
๐ฆฟ What Australian IT Leaders Need to Focus on Ahead of Privacy Act Reforms ๐ฆฟ
๐ Read
via "Tech Republic".
The Australian federal government aims to deliver changes to privacy laws in 2024. Organisations are being warned to prepare ahead of time by creating a comprehensive map of organisational data.๐ Read
via "Tech Republic".
TechRepublic
What Australian IT Leaders Need to Focus on Ahead of Privacy Reforms
Australian organisations can prepare for privacy law changes from the government by creating a comprehensive map of organisational data.
โผ CVE-2023-45607 โผ
๐ Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Hector Cabrera WordPress Popular Posts plugin <=ร 6.3.2 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-45630 โผ
๐ Read
via "National Vulnerability Database".
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Gallery รขโฌโ Image and Video Gallery with Thumbnails plugin <=ร 2.0.3 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-45604 โผ
๐ Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Scott Reilly Get Custom Field Values plugin <=ร 4.0.1 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-30781 โผ
๐ Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Theme Blvd Tweeple plugin <=ร 0.9.5 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-5631 โผ
๐ Read
via "National Vulnerability Database".
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attackerto load arbitrary JavaScript code.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-45602 โผ
๐ Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Shopfiles Ltd Ebook Store plugin <=ร 5.785 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-45632 โผ
๐ Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorado SpiderVPlayer plugin <=ร 1.5.22 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-45628 โผ
๐ Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in QROkes QR Twitter Widget plugin <=ร 0.2.3 versions.๐ Read
via "National Vulnerability Database".
๐ด North Korea's Kimsuky Doubles Down on Remote Desktop Control ๐ด
๐ Read
via "Dark Reading".
The sophisticated APT employs various tactics to abuse Windows and other built-in protocols with both custom and public malware to take over victim systems.๐ Read
via "Dark Reading".
Dark Reading
North Korea's Kimsuky Doubles Down on Remote Desktop Control
The sophisticated APT employs various tactics to abuse Windows and other built-in protocols with both custom and public malware to take over victim systems.
๐ฆฟ ExpressVPN Review (2023): Pricing, Features, Pros, & Cons ๐ฆฟ
๐ Read
via "Tech Republic".
Editor has the option to alter SEO's meta description or write their own DEK to draw readers into the article most effectively. Alternatively, editor can assign DEK writing to the assigned writer. Consider the top picks or major editorial call-outs for inclusion.๐ Read
via "Tech Republic".
TechRepublic
ExpressVPN Review: Pricing, Features, Pros, & Cons
How much does ExpressVPN cost, and is it trustworthy? Read our ExpressVPN review to learn about pricing, security, performance, and more.
๐ด D-Link Confirms Breach, Rebuts Hacker's Claims About Scope ๐ด
๐ Read
via "Dark Reading".
The router specialist says the attacker's claims to have heisted millions and millions of records are significantly overblown. But an incident did happen, stemming from a successful phish.๐ Read
via "Dark Reading".
Dark Reading
D-Link Confirms Breach, Rebuts Hacker's Claims About Scope
The router specialist says the attacker's claims to have heisted millions and millions of records are significantly overblown. But an incident did happen, stemming from a successful phish.
๐ด What CISOs Should Exclude From SEC Cybersecurity Filings ๐ด
๐ Read
via "Dark Reading".
Should CISOs include only known information in the SEC filings for a material security incident, or is there room to include details that may change during the investigation?๐ Read
via "Dark Reading".
Dark Reading
What CISOs Should Exclude From SEC Cybersecurity Filings
Should CISOs include only known information in the SEC filings for a material security incident, or is there room to include details that may change during the investigation?
โผ CVE-2023-35656 โผ
๐ Read
via "National Vulnerability Database".
In multiple functions of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-45813 โผ
๐ Read
via "National Vulnerability Database".
Torbot is an open source tor network intelligence tool. In affected versions the `torbot.modules.validators.validate_link function` uses the python-validators URL validation regex. This particular regular expression has an exponential complexity which allows an attacker to cause an application crash using a well-crafted argument. An attacker can use a well-crafted URL argument to exploit the vulnerability in the regular expression and cause a Denial of Service on the system. The validators file has been removed in version 4.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-4601 โผ
๐ Read
via "National Vulnerability Database".
A stack-based buffer overflow vulnerability exists in NI System Configuration that could result in information disclosure and/or arbitrary code execution. Successful exploitation requires that an attacker can provide a specially crafted response. This affects NI System Configuration 2023 Q3 and all previous versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-43803 โผ
๐ Read
via "National Vulnerability Database".
Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint `/v2/pkgs/tools/installed` and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can delete arbitrary files or folders belonging to the user that runs the Arduino Create Agent via a crafted HTTP POST request. This issue has been addressed in version `1.3.3`. Users are advised to upgrade. There are no known workarounds for this vulnerability.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-35663 โผ
๐ Read
via "National Vulnerability Database".
In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-43802 โผ
๐ Read
via "National Vulnerability Database".
Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint `/upload` which handles request with the `filename` parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate their privileges to those of the user running the Arduino Create Agent service via a crafted HTTP POST request. This issue has been addressed in version `1.3.3`. Users are advised to upgrade. There are no known workarounds for this vulnerability.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-45145 โผ
๐ Read
via "National Vulnerability Database".
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory.๐ Read
via "National Vulnerability Database".