‼ CVE-2023-40061 ‼
📖 Read
via "National Vulnerability Database".
 Insecurejob execution mechanism vulnerability. Thisvulnerability can lead to other attacks as a result.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20245 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. These vulnerabilities are due to a logic error that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit these vulnerabilities by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to bypass the interface ACL and access resources that would should be protected.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20177 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the SSL file policy implementation of Cisco Firepower Threat Defense (FTD) Software that occurs when the SSL/TLS connection is configured with a URL Category and the Snort 3 detection engine could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to unexpectedly restart. This vulnerability exists because a logic error occurs when a Snort 3 detection engine inspects an SSL/TLS connection that has either a URL Category configured on the SSL file policy or a URL Category configured on an access control policy with TLS server identity discovery enabled. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a crafted SSL/TLS connection through an affected device. A successful exploit could allow the attacker to trigger an unexpected reload of the Snort 3 detection engine, resulting in either a bypass or denial of service (DoS) condition, depending on device configuration. The Snort 3 detection engine will restart automatically. No manual intervention is required.📖 Read
via "National Vulnerability Database".
👍1🔥1
🕴 Graylog Secures $39 Million Investment to Accelerate Growth and Security Product Line Expansion 🕴
📖 Read
via "Dark Reading".
📖 Read
via "Dark Reading".
Dark Reading
Graylog Secures $39 Million Investment to Accelerate Growth and Security Product Line Expansion
PRESS RELEASE
🕴 One Ukraine Company Shares Lessons in Prepping for Wartime Cyber Resilience 🕴
📖 Read
via "Dark Reading".
The CTO of MacPaw provides a case study in planning for cybersecurity and uptime in the face of armed conflict.📖 Read
via "Dark Reading".
Dark Reading
One Ukraine Company Shares Lessons in Prepping for Wartime Cyber Resilience
The CTO of MacPaw provides a case study in planning for cybersecurity and uptime in the face of armed conflict.
‼ CVE-2023-5765 ‼
📖 Read
via "National Vulnerability Database".
Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5859 ‼
📖 Read
via "National Vulnerability Database".
Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low)📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20219 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need valid device credentials but does not require administrator privileges to exploit this vulnerability. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. A successful exploit could allow the attacker to execute arbitrary commands on the device including the underlying operating system which could also affect the availability of the device.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5358 ‼
📖 Read
via "National Vulnerability Database".
Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20220 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. To exploit these vulnerabilities, the attacker must have valid device credentials, but does not need Administrator privileges. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. A successful exploit could allow the attacker to execute arbitrary commands on the device, including on the underlying operating system, which could also affect the availability of the device.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20031 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the SSL/TLS certificate handling of Snort 3 Detection Engine integration with Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a logic error that occurs when an SSL/TLS certificate that is under load is accessed when it is initiating an SSL connection. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a high rate of SSL/TLS connection requests to be inspected by the Snort 3 detection engine on an affected device. A successful exploit could allow the attacker to cause the Snort 3 detection engine to reload, resulting in either a bypass or a denial of service (DoS) condition, depending on device configuration. The Snort detection engine will restart automatically. No manual intervention is required.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5766 ‼
📖 Read
via "National Vulnerability Database".
A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another windows user session on the same host via a specially crafted TCP packet.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5849 ‼
📖 Read
via "National Vulnerability Database".
Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20170 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5482 ‼
📖 Read
via "National Vulnerability Database".
Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5852 ‼
📖 Read
via "National Vulnerability Database".
Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5850 ‼
📖 Read
via "National Vulnerability Database".
Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5855 ‼
📖 Read
via "National Vulnerability Database".
Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20063 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the inter-device communication mechanisms between devices that are running Cisco Firepower Threat Defense (FTD) Software and devices that are running Cisco Firepower Management (FMC) Software could allow an authenticated, local attacker to execute arbitrary commands with root permissions on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by accessing the expert mode of an affected device and submitting specific commands to a connected system. A successful exploit could allow the attacker to execute arbitrary code in the context of an FMC device if the attacker has administrative privileges on an associated FTD device. Alternatively, a successful exploit could allow the attacker to execute arbitrary code in the context of an FTD device if the attacker has administrative privileges on an associated FMC device.📖 Read
via "National Vulnerability Database".