βΌ CVE-2023-46722 βΌ
π Read
via "National Vulnerability Database".
The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually.π Read
via "National Vulnerability Database".
π΄ US Leads 40-Country Alliance to Cut Off Ransomware Payments π΄
π Read
via "Dark Reading".
The parties within the International Counter Ransomware Initiative intend to use information-sharing tools and AI to achieve their goals of cutting off the financial resources of threat actors.π Read
via "Dark Reading".
Dark Reading
US Leads 40-Country Alliance to Cut Off Ransomware Payments
The parties within the International Counter Ransomware Initiative intend to use information-sharing tools and AI to achieve their goals of cutting off the financial resources of threat actors.
π¦Ώ Google Offers Bug Bounties for Generative AI Security Vulnerabilities π¦Ώ
π Read
via "Tech Republic".
Google's Vulnerability Reward Program offers up to $31,337 for discovering potential hazards. Google joins OpenAI and Microsoft in rewarding AI bug hunts.π Read
via "Tech Republic".
TechRepublic
Google Offers Bug Bounties for Generative AI Security Vulnerabilities
Googleβs Vulnerability Reward Program offers up to $31,337 for discovering potential hazards.
π₯1
π΄ Malware 'Meal Kits' Serve Up No-Fuss RAT Attacks π΄
π Read
via "Dark Reading".
The wider availability of turnkey cyberattack kits in the criminal underground is leading to a glut of campaigns using remote access Trojans (RATs).π Read
via "Dark Reading".
Dark Reading
Malware 'Meal Kits' Serve Up No-Fuss RAT Attacks
The wider availability of turnkey cyberattack kits in the criminal underground is leading to a glut of campaigns using remote access Trojans (RATs).
βΌ CVE-2023-37831 βΌ
π Read
via "National Vulnerability Database".
An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attackers to enumerate user accounts based on server responses when credentials are submitted.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37832 βΌ
π Read
via "National Vulnerability Database".
A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user credentials via brute force and cause other unspecified impacts.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45955 βΌ
π Read
via "National Vulnerability Database".
An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers to cause a denial of service via crafted write binding attribute commands.π Read
via "National Vulnerability Database".
π΄ SEC Charges Against SolarWinds CISO Send Shockwaves Through Security Ranks π΄
π Read
via "Dark Reading".
The legal actions may have a chilling effect on hiring CISOs, who are already in short supply, but may also expose just how budget-constrained most security executives are.π Read
via "Dark Reading".
Dark Reading
SEC Charges Against SolarWinds CISO Send Shockwaves Through Security Ranks
The legal actions may have a chilling effect on hiring CISOs, who are already in short supply, but may also expose just how budget-constrained most security executives are.
βΌ CVE-2023-46485 βΌ
π Read
via "National Vulnerability Database".
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3955 βΌ
π Read
via "National Vulnerability Database".
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3676 βΌ
π Read
via "National Vulnerability Database".
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43295 βΌ
π Read
via "National Vulnerability Database".
Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46484 βΌ
π Read
via "National Vulnerability Database".
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41377 βΌ
π Read
via "National Vulnerability Database".
In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39610 βΌ
π Read
via "National Vulnerability Database".
An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20886 βΌ
π Read
via "National Vulnerability Database".
VMware Workspace ONE UEM console contains an open redirect vulnerability.A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5306 βΌ
π Read
via "National Vulnerability Database".
Online Blood Donation Management System v1.0 is vulnerable to multiple Store Cross-Site Scripting vulnerabilities.Γ The 'city' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37833 βΌ
π Read
via "National Vulnerability Database".
Improper access control in Elenos ETG150 FM transmitter v3.12 allows attackers to make arbitrary configuration edits that are only accessed by privileged users.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5899 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5515 βΌ
π Read
via "National Vulnerability Database".
The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks againstweb servers and deployed web applications.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5890 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.π Read
via "National Vulnerability Database".