βΌ CVE-2023-46928 βΌ
π Read
via "National Vulnerability Database".
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42.π Read
via "National Vulnerability Database".
π΄ 3 Ways to Close the Cybersecurity Skills Gap β Now π΄
π Read
via "Dark Reading".
The future of the cybersecurity workforce will rely less on long-led legacy education models and more on skills-now training.π Read
via "Dark Reading".
Dark Reading
3 Ways to Close the Cybersecurity Skills Gap β Now
The future of the cybersecurity workforce will rely less on long-led legacy education models and more on skills-now training.
π΄ FBI Director Warns of Increased Iranian Attacks π΄
π Read
via "Dark Reading".
Christopher Wray tells the US Senate that more US infrastructure will be targeted for cyberattacks in the wake of the Gaza conflict.π Read
via "Dark Reading".
Dark Reading
FBI Director Warns of Increased Iranian Attacks
Christopher Wray tells the US Senate that more US infrastructure will be targeted for cyberattacks in the wake of the Gaza conflict.
π΄ Atlassian Customers Should Patch Latest Critical Vuln Immediately π΄
π Read
via "Dark Reading".
Atlassian CISO warns Confluence Data Center and Server customers they're vulnerable to "significant data loss" if all on-premises versions aren't patched.π Read
via "Dark Reading".
Dark Reading
Atlassian Customers Should Patch Latest Critical Vuln Immediately
Atlassian CISO warns Confluence Data Center and Server customers they're vulnerable to "significant data loss" if all on-premises versions aren't patched.
π¦Ώ Amazon Web Services Launches Independent European Cloud as Calls for Data Sovereignty Grow π¦Ώ
π Read
via "Tech Republic".
The AWS Sovereign Cloud will be physically and logically separate from other AWS clouds and has been designed to comply with Europe's stringent data laws.π Read
via "Tech Republic".
TechRepublic
Amazon Web Services Launches Independent European Cloud as Calls for Data Sovereignty Grow
AWS Sovereign Cloud, designed to comply with Europe's stringent data laws, will be physically and logically separate from other AWS clouds.
π¦Ώ 4 Best Small Business VPNs for 2023 π¦Ώ
π Read
via "Tech Republic".
Looking for the best VPN services for SMBs? Here's a comprehensive guide covering the top options for secure remote access and data protection on a budget.π Read
via "Tech Republic".
TechRepublic
The 6 Best Small Business VPNs for 2024
If youβre looking for a small business VPN, solutions like NordLayer, Surfshark VPN or Proton VPN are among the best choices when it comes to protecting company data.
π1
βΌ CVE-2023-20195 βΌ
π Read
via "National Vulnerability Database".
Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. These vulnerabilities are due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit these vulnerabilities by uploading a crafted file to an affected device. A successful exploit could allow the attacker to store malicious files in specific directories on the device. The attacker could later use those files to conduct additional attacks, including executing arbitrary code on the affected device with root privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20074 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3972 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).π Read
via "National Vulnerability Database".
βΌ CVE-2023-20206 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5627 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20256 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. These vulnerabilities are due to a logic error that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit these vulnerabilities by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to bypass the interface ACL and access resources that would should be protected.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46911 βΌ
π Read
via "National Vulnerability Database".
There is a Cross Site Scripting (XSS) vulnerability in the choose_style_tree.do interface of Jspxcms v10.2.0 backend.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5847 βΌ
π Read
via "National Vulnerability Database".
Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20086 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in ICMPv6 processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper processing of ICMPv6 messages. An attacker could exploit this vulnerability by sending crafted ICMPv6 messages to a targeted Cisco ASA or FTD system with IPv6 enabled. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33227 βΌ
π Read
via "National Vulnerability Database".
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability This vulnerability allows a low level user to perform the actions with SYSTEM privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33226 βΌ
π Read
via "National Vulnerability Database".
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33228 βΌ
π Read
via "National Vulnerability Database".
The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to obtain sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20155 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in a logging API in Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. This vulnerability could also allow an attacker with valid user credentials, but not Administrator privileges, to view a system log file that they would not normally have access to. This vulnerability is due to a lack of rate-limiting of requests that are sent to a specific API that is related to an FMC log. An attacker could exploit this vulnerability by sending a high rate of HTTP requests to the API. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the FMC CPU spiking to 100 percent utilization or to the device reloading. CPU utilization would return to normal if the attack traffic was stopped before an unexpected reload was triggered.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5178 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation in case that the attacker already has local privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20005 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard.π Read
via "National Vulnerability Database".