‼ CVE-2023-41089 ‼
via "National Vulnerability Database".
The affected product is vulnerable to an improper authentication vulnerability, which may allow an attacker to impersonate a legitimate user as long as the device keeps the session active, since the attack takes advantage of the cookie header to generate "legitimate" requests.
‼ CVE-2023-45826 ‼
via "National Vulnerability Database".
Leantime is an open source project management system. A 'userId' variable in `app/domain/files/repositories/class.files.php` is not parameterized. An authenticated attacker can send a carefully crafted POST request to `/api/jsonrpc` to exploit an SQL injection vulnerability. Confidentiality is impacted as it allows for dumping information from the database. This issue has been addressed in version 2.4-beta-4. Users are advised to upgrade. There are no known workarounds for this vulnerability.
‼ CVE-2023-35986 ‼
via "National Vulnerability Database".
Sante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
‼ CVE-2023-38127 ‼
via "National Vulnerability Database".
An integer overflow exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause the parser to make an under-sized allocation, which can later allow for memory corruption, potentially resulting in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
‼ CVE-2023-34366 ‼
via "National Vulnerability Database".
A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause memory corruption, resulting in arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.
‼ CVE-2023-39431 ‼
via "National Vulnerability Database".
Sante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
🕴 North Korean State Actors Attack Critical Bug in TeamCity Server 🕴
via "Dark Reading".
Known threat groups Diamond Sleet and Onyx Sleet focus on cyber espionage, data theft, network sabotage, and other malicious actions, Microsoft says.
🕴 Fingerprint Raises $33M in Series C Funding to Accelerate Enterprise Device Intelligence and Fraud Prevention Adoption 🕴
via "Dark Reading".
PRESS RELEASE
🕴 SailPoint Unveils Annual 'Horizons of Identity Security' Report 🕴
via "Dark Reading".
PRESS RELEASE
🕴 Spec Secures $15M Series A Funding, Accelerating Innovation in Fraud Defense 🕴
via "Dark Reading".
PRESS RELEASE
🕴 23AndMe Hacker Leaks New Tranche of Stolen Data 🕴
via "Dark Reading".
Two weeks after the first data leak from the DNA ancestry service, the threat actor produces an additional 4 million user records they purportedly stole.
🕴 Norton Boosts Security and Privacy With Enhanced Password Manager and AntiTrack 🕴
via "Dark Reading".
PRESS RELEASE
🕴 AI 'Will Have a Significant Impact on Energy Industry,' EPRI Tells Congress 🕴
via "Dark Reading".
PRESS RELEASE
‼ CVE-2023-45822 ‼
via "National Vulnerability Database".
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when defining authorization policies. Artifact Hub includes a fine-grained authorization mechanism that allows organizations to define what actions can be performed by their members. It is based on customizable authorization policies that are enforced by the `Open Policy Agent`. Policies are written using `rego` and their data files are expected to be json documents. By default, `rego` allows policies to make HTTP requests, which can be abused to send requests to internal resources and forward the responses to an external entity. In the context of Artifact Hub, this capability should have been disabled. This issue has been resolved in version `1.16.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
‼ CVE-2023-27795 ‼
via "National Vulnerability Database".
An issue found in IXP Data Easy Install v.6.6.14884.0 allows a local attacker to gain privileges via a static XOR key.
‼ CVE-2023-38584 ‼
via "National Vulnerability Database".
In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.
‼ CVE-2023-30132 ‼
via "National Vulnerability Database".
An issue discovered in IXP Data EasyInstall 6.6.14907.0 allows attackers to gain escalated privileges via a static cryptographic key.
‼ CVE-2023-27791 ‼
via "National Vulnerability Database".
An issue found in IXP Data Easy Install 6.6.148840 allows a remote attacker to escalate privileges via an insecure PRNG.
‼ CVE-2023-30131 ‼
via "National Vulnerability Database".
An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls.
‼ CVE-2023-43492 ‼
via "National Vulnerability Database".
In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.
‼ CVE-2023-40145 ‼
via "National Vulnerability Database".
In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.