SUSE CVE-2015-0283
The slapi-nis plug-in before 0.54.2 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request for a (1) group with a large number of members or (2) user that belongs to a large number o...
FOGProject Path Traversal Vulnerability
FOGProject is a free open source network computer cloning and management solution. It can be used to deploy and manage any desktop operating system. A path traversal vulnerability exists in versions of FOGProject prior to 1.5.10, which stems from the fact that endpoints that provide limited...
EPA Won’t Force Water Utilities to Audit Their Cybersecurity
The industry pushed back: despite the EPA's willingness to provide training and technical support to help states and public water system organizations implement cybersecurity surveys, the move garnered opposition from both GOP state attorneys and trade groups. Republican state attorneys that were...
Export app settings and import them by using PowerShell
Export app settings from one delivery group and import them into a different delivery group by using PowerShell...
Amazon Linux 2 : docker (ALASECS-2023-013)
The version of docker installed on the remote host is prior to 20.10.22-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-013 advisory. A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the...
Multiple State-Sponsored Groups Exploit WinRAR Vulnerability in Phishing Attacks
Threat Level: Attack Report. A detailed threat advisory is available as a PDF. Summary: A series of phishing attacks linked to a Russian state-sponsored group, leveraging a WinRAR vulnerability to steal data, including browser credentials via PowerShell commands and exfiltrating it through ...
Leaked all user names from a user without known permissions
Description - From any user account without authority, go to the /admin/users page to view employee information; this can leak all employee names that exist on the platform. - The vulnerabilities occurred in 3 features: delete, set active state, and assign role in the page /admin/users and...
DDoS Attacks Leveraged by Attackers in Israel Conflict
Over the last few years, we’ve observed Distributed Denial of Service (DDoS) attacks used in many conflicts. In the Russia-Ukraine war, DDoS was used both by government cyber agencies and individual hacktivist groups to disrupt the flow of information and deface sites to promote propaganda. The...
Improper Access Control
femanager is vulnerable to Improper Access Control. The vulnerability is due to a lack of proper access control checks in the plugin, allowing a remote user to create frontend user accounts with unauthorized access to configured frontend groups...
GHSA-93J4-V838-8767 TYPO3 extension femanager Broken Access Control vulnerability
femanager fails to check access permissions for the invitation component. Depending on the configuration of the plugin, a remote user can create frontend user accounts with access to configured frontend groups...
Low: containerd
Issue Overview: No CVE associated with this advisory Affected Packages: containerd Issue Correction: Run dnf update containerd --releasever 2023.2.20231002 or dnf update --advisory ALAS2023-2023-374 --releasever 2023.2.20231002 to update your system. More information on how to update your system...
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2023-374)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-374 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. The descriptive text and package checks ...
CVE-2023-43722
osCommerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "ordersstatusgroupsname1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
‘Snatch’ Ransom Group Exposes Visitor IP Addresses
The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid...
Critical JetBrains TeamCity Flaw Could Expose Source Code and Build Pipelines to Attackers
A critical security vulnerability in the JetBrains TeamCity continuous integration and continuous deployment (CI/CD) software could be exploited by unauthenticated attackers to achieve remote code execution on affected systems. The flaw, tracked as CVE-2023-42793, carries a CVSS score of 9.8 and ha...
How to Interpret the 2023 MITRE ATT&CK Evaluation Results
Thorough, independent tests are a vital resource as cybersecurity leaders and their teams evaluate vendors' abilities to guard against increasingly sophisticated threats to their organization. And perhaps no assessment is more widely trusted than the annual MITRE Engenuity ATT&CK Evaluations:...
iCMS Cross-Site Request Forgery Vulnerability
iCMS is an efficient and simple content management system built with PHP and MySQL. A security vulnerability exists in iCMS version v.7.0.16. A remote attacker can exploit this vulnerability to execute arbitrary code via the user.admincp.php, members.admincp.php, and...
How To Enable DsAuthAzureAdNestedGroups Feature For Azure AD Nested Groups
Adding a group as a member of another group (nesting) is supported when the DSAuthAzureAdNestedGroups feature is enabled...
Top US Spies Meet With Privacy Experts Over Surveillance 'Crown Jewel'
Civil rights groups say efforts to get US intelligence agencies to adopt privacy reforms have largely failed. Without those changes, renewal of a post-9/11 surveillance policy may be doomed...
PT-2023-8563
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software (affected versions not specified). Description: A vulnerability exists in the remote access VPN feature of Cisco ASA and FTD Software that could allow a...