
8747 matches found

Pen Test Partners Blog
added 2023/11/23 6:5 a.m. · 10 views

Cap Dev. Better red teaming with continuous Capability Development

TL;DR: What Capability Development (Cap Dev) is in this context; The big Cap Dev benefits for red teaming; Operations and Development, sharing and improving; Improvements to TTPs, hardware, and developing strategies; Benefits of using a DevSecOps model for offensive security. The essence of Cap Dev Cap D...

7.7 AI score
Exploits: 0
RedHat Linux
added 2023/11/22 5:34 p.m. · 43 views

Moderate: Red Hat Security Advisory: samba security update

An update for samba is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...

9.8 CVSS · 7 AI score · 0.02409 EPSS
Exploits: 1 · References: 4
OpenVAS
added 2023/11/22 12:0 a.m. · 24 views

SUSE: Security Advisory (SUSE-SU-2023:4523-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3 CVSS · 7 AI score · 0.04459 EPSS
Exploits: 0 · References: 4
OpenVAS
added 2023/11/22 12:0 a.m. · 26 views

SUSE: Security Advisory (SUSE-SU-2023:4521-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3 CVSS · 7 AI score · 0.04459 EPSS
Exploits: 0 · References: 4
Prion
added 2023/11/21 11:15 p.m. · 16 views

Code injection

fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with Python code that is executed without proper validation, which could lead to RCE. The vulnerability ...

7.5 CVSS · 7.2 AI score · 0.00744 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
OSV
added 2023/11/21 10:25 p.m. · 21 views

CVE-2023-48699 fastbots Eval Injection vulnerability

fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with Python code that is executed without proper validation, which could lead to RCE. The vulnerability ...

8.4 CVSS · 9 AI score · 0.00744 EPSS
Exploits: 1 · References: 5
NVD
added 2023/11/21 7:15 a.m. · 16 views

CVE-2023-5553

During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the...

7.6 CVSS · 0.00332 EPSS
Exploits: 0 · References: 1
CVE
added 2023/11/21 6:59 a.m. · 41 views

CVE-2023-5553

CVE-2023-5553 affects Axis OS Secure Boot protection. The AXIS OS tampering-protection bypass is the underlying issue, enabling a sophisticated attack to bypass the device’s tamper protection. Public detail indicates affected AXIS OS ranges include versions 10.8–11.6 (per external summaries), wit...

7.6 CVSS · 6.8 AI score · 0.00332 EPSS
Exploits: 0 · References: 1 · Affected Software: 2
Cvelist
added 2023/11/21 6:59 a.m. · 15 views

CVE-2023-5553

During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the...

7.6 CVSS · 7.6 AI score · 0.00332 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2023/11/21 6:59 a.m. · 12 views

CVE-2023-5553

During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the...

7.6 CVSS · 7 AI score · 0.00332 EPSS
Exploits: 0 · References: 1
CNVD
added 2023/11/21 12:0 a.m. · 20 views

Adobe ColdFusion Code Execution Vulnerability

Adobe ColdFusion is a rapid application development platform from the United States company Adobe. The platform includes an integrated development environment and scripting language. A code execution vulnerability exists in Adobe ColdFusion versions 2023.5 and earlier and 2021.11 and...

9.8 CVSS · 7.7 AI score · 0.64558 EPSS
Exploits: 0 · References: 1
CNVD
added 2023/11/21 12:0 a.m. · 33 views

Adobe ColdFusion Cross-Site Scripting Vulnerability (CNVD-2023-100311)

Adobe ColdFusion is a rapid application development platform from the United States company Adobe. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has a cross-site scripting vulnerability that stems from the lack of effective...

6.1 CVSS · 6.4 AI score · 0.84811 EPSS
Exploits: 0 · References: 1
CNVD
added 2023/11/21 12:0 a.m. · 23 views

Adobe ColdFusion Input Validation Error Vulnerability (CNVD-2023-91796)

Adobe ColdFusion is a rapid application development platform from the United States company Adobe. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has an input validation error vulnerability that can be exploited by an attacker to...

4.3 CVSS · 6.5 AI score · 0.47169 EPSS
Exploits: 0 · References: 1
Redos
added 2023/11/21 12:0 a.m. · 51 views

ROS-20231115-04

Visual Studio Code source code editor vulnerability related to improper control of code generation. Exploitation of the vulnerability may allow an attacker to execute arbitrary code. Visual Studio Code source code editor vulnerability is related to insufficient protection of...

7.8 CVSS · 7.8 AI score · 0.67469 EPSS
Exploits: 3
Trellix
added 2023/11/21 12:0 a.m. · 36 views

The Continued Evolution of the DarkGate Malware-as-a-Service

The Continued Evolution of the DarkGate Malware-as-a-Service. By Ernesto Fernández Provecho, Pham Duy Phuc, Ciana Driscoll and Vinoo Thomas · November 21, 2023. In September 2023, the Trellix Security Operations Center (SOC) successfully detected and stopped an attack against Musarubra, the holding...

7.6 AI score
Exploits: 0
OSV
added 2023/11/20 9:15 a.m. · 8 views

SUSE-SU-2023:4480-1 Security update for gcc13

This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided...

4.8 CVSS · 5.5 AI score · 0.00666 EPSS
Exploits: 1 · References: 12
Positive Technologies
added 2023/11/20 12:0 a.m. · 6 views

PT-2023-8888 · Gpac +2

Name of the Vulnerable Software and Affected Versions: GPAC versions 2.3-DEV-rev617-g671976fcc-master. Description: The issue is related to a memory leak in the gf_mpd_parse_string function, located in media_tools/mpd.c:75, due to the lack of memory release after its effective term of service...

7.1 CVSS · 6.9 AI score · 0.00309 EPSS
Exploits: 2 · References: 14
Fedora
added 2023/11/19 1:33 a.m. · 17 views

[SECURITY] Fedora 37 Update: tor-0.4.8.9-1.fc37

The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and...

7.1 AI score
Exploits: 0
Fedora
added 2023/11/19 1:26 a.m. · 26 views

[SECURITY] Fedora 39 Update: gst-devtools-1.22.7-1.fc39

Development and debugging tools for GStreamer...

8.8 CVSS · 6.6 AI score · 0.02189 EPSS
Exploits: 0
Citrix
added 2023/11/17 12:0 a.m. · 5 views

Microsoft Security Update Validation Report November 2023

Microsoft’s November 2023 security updates have passed Citrix testing (the updates are listed below). The testing is not all-inclusive; all tests are executed against English only environments and issues may still be found upon implementation. Follow best practices for testing and installing softwa...

7 AI score
Exploits: 0