Lucene search

8697 matches found

CVE
added 2023/12/01 9:48 p.m. | 56 views

CVE-2023-44381

CVE-2023-44381 affects October CMS. Affected component: template rendering in the CMS where an authenticated backend user with editor.cms_pages, editor.cms_layouts, or editor.cms_partials permissions can craft a request to inject PHP code into a CMS template due to cms.safe_mode being enabled. Th...

CVSS 4.9 | AI score 5.1 | EPSS 0.00192
Exploits: 0 | References: 1 | Affected Software: 1
OSSF Malicious Packages
added 2023/12/01 3:40 a.m. | 3 views

Malicious code in npm_package_devdependencies__types_jest (npm)

Source: ossf-package-analysis (5f8a28159fb1b2ef33b43e4aa71b0c85879d6220009091751cfa1590a1900329). The OpenSSF Package Analysis project identified 'npm_package_devdependencies__types_jest' @ 30.5.0 (npm) as malicious. It is considered malicious...

AI score 6.9
Exploits: 0
The Hacker News
added 2023/11/30 11:18 a.m. | 25 views

7 Uses for Generative AI to Enhance Security Operations

Welcome to a world where Generative AI revolutionizes the field of cybersecurity. Generative AI refers to the use of artificial intelligence (AI) techniques to generate or create new data, such as images, text, or sounds. It has gained significant attention in recent years due to its ability to...

AI score 7.1
Exploits: 0
Fedora
added 2023/11/30 3:34 a.m. | 29 views

[SECURITY] Fedora 38 Update: gst-devtools-1.22.7-1.fc38

Development and debugging tools for GStreamer...

CVSS 8.8 | AI score 7 | EPSS 0.05986
Exploits: 0
NVD
added 2023/11/29 8:15 p.m. | 11 views

CVE-2023-44383

October is a Content Management System (CMS) and web platform to assist with development workflow. A user with access to the media manager that stores SVG files could create a stored XSS attack against themselves and any other user with access to the media manager when SVG files are supported. This...

CVSS 5.4 | EPSS 0.0093
Exploits: 0 | References: 2
CVE
added 2023/11/29 7:57 p.m. | 44 views

CVE-2023-44383

Summary: CVE-2023-44383 is a stored XSS in October CMS that arises when SVGs are uploaded to the Media Manager. What's affected: October CMS (versions 3.0–3.5.x per sources) where the media manager stores SVG files. Root cause: Inadequate validation/sanitization of uploaded SVG content ...

CVSS 5.4 | AI score 5.2 | EPSS 0.0093
Exploits: 0 | References: 2 | Affected Software: 1
Ubuntu
added 2023/11/27 3:59 p.m. | 38 views

USN-6402-2: LibTomMath vulnerability

USN-6402-1 fixed vulnerabilities in LibTomMath. This update provides the corresponding updates for Ubuntu 23.10. Original advisory details: It was discovered that LibTomMath incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code and cause a denial ...

CVSS 9.8 | AI score 8.6 | EPSS 0.00517
Exploits: 0
Wiz blog
added 2023/11/27 3:10 p.m. | 24 views

Extend Wiz to your Developers: Enable secure cloud development with agility

New capabilities extend Wiz CNAPP to secure the entire software pipeline, enabling organizations to securely develop for the cloud...

AI score 7.2
Exploits: 0
Wallarm Lab
added 2023/11/27 12:53 p.m. | 13 views

SOA VS MICROSERVICES – What’s the difference?

Unraveling the Code Landscape: Exploring SOA and Microservices Seamlessly. The shifting sands of software development have elevated two pivotal architecture designs to influential pedestals: the Service-Oriented Architecture (SOA) and Microservices. Understanding their distinct characteristics,...

AI score 7.4
Exploits: 0
OpenVAS
added 2023/11/27 12:00 a.m. | 32 views

SUSE: Security Advisory (SUSE-SU-2023:4543-1)

The remote host is missing an update for the...

CVSS 8.8 | AI score 8.2 | EPSS 0.02007
Exploits: 0 | References: 4
Pen Test Partners Blog
added 2023/11/23 6:05 a.m. | 10 views

Cap Dev. Better red teaming with continuous Capability Development

TL;DR: What Capability Development (Cap Dev) is in this context; the big Cap Dev benefits for red teaming; operations and development, sharing and improving; improvements to TTPs, hardware, and developing strategies; benefits of using a DevSecOps model for offensive security. The essence of Cap Dev: Cap D...

AI score 7.7
Exploits: 0
RedHat Linux
added 2023/11/22 5:34 p.m. | 41 views

Moderate: Red Hat Security Advisory: samba security update

An update for samba is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...

CVSS 9.8 | AI score 7 | EPSS 0.01941
Exploits: 1 | References: 4
OpenVAS
added 2023/11/22 12:00 a.m. | 24 views

SUSE: Security Advisory (SUSE-SU-2023:4523-1)

The remote host is missing an update for the...

CVSS 5.3 | AI score 7 | EPSS 0.00537
Exploits: 0 | References: 4
OpenVAS
added 2023/11/22 12:00 a.m. | 26 views

SUSE: Security Advisory (SUSE-SU-2023:4521-1)

The remote host is missing an update for the...

CVSS 5.3 | AI score 7 | EPSS 0.00537
Exploits: 0 | References: 4
Prion
added 2023/11/21 11:15 p.m. | 13 views

Code injection

fastbots is a library for fast bot and scraper development using Selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with Python code that, without proper validation, is executed and could lead to RCE. The vulnerability ...

CVSS 7.5 | AI score 7.2 | EPSS 0.00642
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2023/11/21 10:25 p.m. | 19 views

CVE-2023-48699 fastbots Eval Injection vulnerability

fastbots is a library for fast bot and scraper development using Selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with Python code that, without proper validation, is executed and could lead to RCE. The vulnerability ...

CVSS 8.4 | AI score 9 | EPSS 0.00642
Exploits: 1 | References: 5
NVD
added 2023/11/21 7:15 a.m. | 9 views

CVE-2023-5553

During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS, making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the...

CVSS 7.6 | EPSS 0.00032
Exploits: 0 | References: 1
CVE
added 2023/11/21 6:59 a.m. | 40 views

CVE-2023-5553

CVE-2023-5553 affects Axis OS Secure Boot protection. The AXIS OS tampering-protection bypass is the underlying issue, enabling a sophisticated attack to bypass the device’s tamper protection. Public detail indicates affected AXIS OS ranges include versions 10.8–11.6 (per external summaries), wit...

CVSS 7.6 | AI score 6.8 | EPSS 0.00032
Exploits: 0 | References: 1 | Affected Software: 2
Vulnrichment
added 2023/11/21 6:59 a.m. | 10 views

CVE-2023-5553

During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS, making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the...

CVSS 7.6 | AI score 7 | EPSS 0.00032
Exploits: 0 | References: 1
Cvelist
added 2023/11/21 6:59 a.m. | 12 views

CVE-2023-5553

During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS, making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the...

CVSS 7.6 | AI score 7.6 | EPSS 0.00032
Exploits: 0 | References: 1