JVN#34232595: ASUS Router RT-AX3000 vulnerable to using sensitive cookies without 'Secure' attribute
ASUS Router RT-AX3000 provided by ASUSTeK COMPUTER INC. uses sensitive cookies without the 'Secure' attribute (CWE-614). Impact: When an attacker is in a position to mount a man-in-the-middle attack, and a user is tricked into logging into the affected device through an unencrypted 'http' connectio...
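A quick way to check a device or web app for the CWE-614 condition described in the entry above is to audit its Set-Cookie headers. The script below is an added example, not code from the ASUS advisory or from JVN; the header strings are constructed sample input and the name heuristic for "sensitive" cookies is an assumption of this example.

```python
"""Audit Set-Cookie headers for session-like cookies that lack the Secure
(and HttpOnly) attribute.  Added example; the headers below are constructed."""
import re

# Constructed sample responses, not captured from a real device.
SAMPLE_HEADERS = [
    "asus_token=abc123; Path=/; HttpOnly",                          # no Secure -> CWE-614
    "asus_token=abc123; Path=/; Secure; HttpOnly; SameSite=Strict",  # hardened form
    "lang=en; Path=/",                                              # not sensitive
    "PHPSESSID=9f2c; Path=/; Secure",                               # Secure but no HttpOnly
]

# Heuristic for cookies that carry authentication state (assumption of this example).
SENSITIVE_NAME_RE = re.compile(r"(sess|token|auth|sid|login)", re.IGNORECASE)


def parse_set_cookie(header):
    """Split 'name=value; Attr; Attr=val' into (name, value, {attr_lower: val_or_True})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value, attrs


def audit(headers, require_secure_for_all=False):
    """Return (cookie_name, problem) pairs for cookies that need hardening."""
    findings = []
    for header in headers:
        name, _, attrs = parse_set_cookie(header)
        sensitive = bool(SENSITIVE_NAME_RE.search(name))
        if (sensitive or require_secure_for_all) and "secure" not in attrs:
            findings.append((name, "missing Secure (CWE-614)"))
        if sensitive and "httponly" not in attrs:
            findings.append((name, "missing HttpOnly"))
    return findings


if __name__ == "__main__":
    for name, problem in audit(SAMPLE_HEADERS):
        print(f"{name}: {problem}")
```

Without Secure, a browser sends the cookie on any plain-http request to the host, so an on-path attacker who can induce one http:// load obtains the session token even if the login itself happened over https.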
CVE-2023-33956
The CVE-2023-33956 entry affects Kanboard before 1.2.30, with an IDOR in a URL parameter that lets any authenticated user read files uploaded by others (under /files), enabling unauthorized disclosure of sensitive documents. The vulnerability stems from insecure direct object reference without pr...
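The IDOR pattern in the Kanboard entry above, shown as a vulnerable handler next to a hardened one. This is an added illustration, not Kanboard's code or its fix; the project/file model and the sample data are constructed for the example, and the rule that a user may read a file only when they belong to the file's project is an assumption about the intended access control.

```python
"""Vulnerable vs. hardened file access (IDOR, CWE-639).  Added example with
a constructed data model; not Kanboard's implementation."""
from dataclasses import dataclass, field


@dataclass
class File:
    id: int
    project_id: int
    name: str
    content: bytes


@dataclass
class User:
    id: int
    project_ids: set = field(default_factory=set)


# Constructed sample data.
FILES = {
    1: File(1, 100, "design.pdf", b"public-ish"),
    2: File(2, 200, "salaries.xlsx", b"confidential"),
}
ALICE = User(1, {100})   # member of project 100 only
BOB = User(2, {200})     # member of project 200 only


class Forbidden(Exception):
    pass


def get_file_vulnerable(user, file_id):
    """Checks only that the caller is logged in, then trusts the client-supplied id."""
    if user is None:
        raise Forbidden("login required")
    return FILES[file_id].content  # any authenticated user reads any file


def get_file_checked(user, file_id):
    """Authorizes the object itself: the file must belong to a project the user is in."""
    if user is None:
        raise Forbidden("login required")
    f = FILES.get(file_id)
    # Same error for "no such file" and "not yours", so ids cannot be enumerated.
    if f is None or f.project_id not in user.project_ids:
        raise Forbidden("not found")
    return f.content


def can_read(user, file_id):
    """True if the hardened handler allows the read."""
    try:
        get_file_checked(user, file_id)
        return True
    except Forbidden:
        return False
```

The defect is not the numeric id in the URL but the missing check that ties the requested object to the caller; switching to random identifiers only slows enumeration and is not a substitute for the ownership test.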
CVE-2023-32334
Summary. CVE-2023-32334 affects IBM Maximo Asset Management 7.6.1.2–7.6.1.3 and IBM Maximo Application Suite (MAS) 8.8.0. The root cause is storing sensitive information in URL parameters, which can disclose data if URLs are exposed in server logs, referrer headers, or browser history. Impact. In...
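The Maximo entry above describes CWE-598, sensitive data in query strings that then lands in access logs and Referer headers. The script below is an added example of what a defender can do about it on the logging side: scan access-log lines for sensitive query parameters (in both the request target and the referrer) and redact them before the URL is stored. It is not IBM's code; the log lines, paths and parameter-name list are constructed for the example.

```python
"""Find and redact sensitive query parameters in access-log URLs (CWE-598).
Added example; the log lines below are constructed, not from Maximo."""
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Parameter names treated as sensitive (assumption of this example).
SENSITIVE_PARAMS = {
    "password", "passwd", "pwd", "token", "access_token",
    "api_key", "apikey", "session", "sessionid", "secret",
}

# Constructed sample lines in Combined Log Format.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jun/2023:10:00:01 +0000] "GET /maximo/ui/login?username=alice&password=Hunter2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.6 - - [01/Jun/2023:10:00:02 +0000] "GET /maximo/ui/?event=loadapp&value=wotrack HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.7 - - [01/Jun/2023:10:00:03 +0000] "GET /api/os/mxwo?apikey=AKIAabcd HTTP/1.1" 200 100 "https://example.test/?token=eyJ" "curl/8.0"
"""

LOG_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" \d{3} \S+ "(?P<referer>[^"]*)"'
)


def sensitive_params(url):
    """Names of sensitive parameters present in the URL's query string."""
    query = urlsplit(url).query
    return [k for k, _ in parse_qsl(query, keep_blank_values=True)
            if k.lower() in SENSITIVE_PARAMS]


def scan_log(text):
    """Return (line_number, field, parameter) for every sensitive parameter found."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        for field in ("target", "referer"):
            for param in sensitive_params(m.group(field)):
                findings.append((lineno, field, param))
    return findings


def redact(url):
    """Replace sensitive values with a placeholder so the URL can be logged safely."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


if __name__ == "__main__":
    for lineno, field, param in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: sensitive parameter '{param}' in {field}")
```

Redaction at the log sink limits the blast radius of existing logs and proxies, but the root fix is the one the advisory implies: move credentials and tokens out of the URL into a POST body or a header, where they are neither logged by default nor leaked through Referer.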
Cloud Security Tops Concerns for Cybersecurity Leaders: EC-Council's Certified CISO Hall of Fame Report 2023
A survey of global cybersecurity leaders through the 2023 Certified CISO Hall of Fame Report commissioned by the EC-Council identified 4 primary areas of grave concern: cloud security, data security, security governance, and lack of cybersecurity talent. EC-Council, the global leader in...
The Importance of Managing Your Data Security Posture
Data security is reinventing itself. As new data security posture management solutions come to market, organizations are increasingly recognizing the opportunity to provide evidence-based security that proves how their data is being protected. But what exactly is data security posture, and how do...
US hospital forced to divert ambulances after cyberattack
The Idaho Falls Community Hospital fell victim to a cyberattack on Monday May 29, 2023. As a result, the hospital had to divert ambulances to other nearby hospitals and close some of its clinics. The hospital is keeping the public updated through its website and Facebook page. "Our commitment to...
Amazon's Ring cameras were used to spy on customers
Every single Amazon Ring employee was able to access every single customer video, even when it wasn't necessary for their jobs. Not only that, but the employees, along with workers from a third-party contractor in Ukraine, could also download any of those videos and then save and share them as th...
Beware of Ghost Sites: Silent Threat Lurking in Your Salesforce Communities
Improperly deactivated and abandoned Salesforce Sites and Communities aka Experience Cloud could pose severe risks to organizations, leading to unauthorized access to sensitive data. Data security firm Varonis dubbed the abandoned, unprotected, and unmonitored resources "ghost sites." "When these...
Faronics Insight security vulnerability
Faronics Insight is an effective classroom management tool from Faronics Canada. A security vulnerability exists in Faronics Insight version 10.0.19045, which originates from a man-in-the-middle attack executed against a connected student or teacher that can intercept a student's keystrokes or...
Powering and Protecting Life Online with Nature-Positive Action
...
If the controller for _data.projectId is not defined, it can lead to incorrect execution of _swap() and theft of funds by the beneficiary.
Lines of code. Vulnerability details. Impact: If the controller is not defined in the swap function, then it becomes impossible to mint and burn tokens, which leads to incorrect execution of the function. IJBController controller = IJBController(jbxTerminal.directory.controllerOf(_data.projectId)); Proof...
PT-2023-15931 · Dataprobe · Dataprobe Cloud
Name of the Vulnerable Software and Affected Versions: Dataprobe Cloud (affected versions not specified). Description: The Dataprobe Cloud stores usernames and passwords in plain text in a specific file. Any user able to read this file from the device could compromise other devices connected to the...
PT-2023-20972 · WordPress · Groundhogg
Name of the Vulnerable Software and Affected Versions: Groundhogg plugin for WordPress versions up to, and including, 2.7.9.8 Description: The issue is related to a missing capability check on the check license functions, allowing authenticated attackers with subscriber-level permissions and abov...
CVE-2022-45459
CVE-2022-45459 involves a vulnerability in Acronis Agent (Windows) and Acronis Cyber Protect 15 (Windows) caused by insecure registry permissions, enabling potential disclosure of sensitive information. Affected versions are Acronis Agent before build 30025 and Acronis Cyber Protect 15 before bui...
Dell CloudLink encryption issue vulnerability
Dell CloudLink is a data encryption and key management system from Dell USA. An encryption issue vulnerability exists in Dell CloudLink version 7.1.2 and prior versions. The vulnerability stems from the system's use of insecure encryption, which could be exploited by an attacker to cause certain...
PT-2023-18649 · WordPress · Propertyhive
Name of the Vulnerable Software and Affected Versions: PropertyHive plugin versions 1.5.48 and earlier. Description: The issue is an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing th...
Solving Your Teams Secure Collaboration Challenges
In today's interconnected world, where organisations regularly exchange sensitive information with customers, partners and employees, secure collaboration has become increasingly vital. However, collaboration can pose a security risk if not managed properly. To ensure that collaboration remains...
CVE-2023-32082
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API returns the key names (not the values) associated with a lease when the Keys parameter is true, even if the caller does not have read permission for those keys. The impact is limit...