4126 matches found
Authorization Bypass
GitLab is vulnerable to Authorization Bypass. Under certain conditions, the GitLab REST API may allow unprivileged users to add other users to groups even if that is not possible through the Web UI...
Arbitrary File Read
GitLab is vulnerable to Arbitrary File Read. The vulnerability exists due to incorrect handling of files, which allows an attacker to read the content of a file when importing to the groups...
Add Unique Asset Context with Custom Attributes in CSAM
There is no such thing as “too much context” when it comes to asset management. Continuous discovery and comprehensive, normalized asset data create the foundation for streamlined risk detection and response. The more reliable asset data a security team has, the better it can operationalize an...
Estée Lauder targeted by Cl0p and BlackCat ransomware groups
Estée Lauder is currently at the heart of a compromise storm, revealing a major security issue via a Security Exchange Commission (SEC) filing on Tuesday. Although no detailed explanation of what has taken place is given, there is confirmation that an attack allowed access to some systems and...
Chromium: CVE-2023-3730 Use after free in Tab Groups
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Microsoft Edge (Chromium) < 114.0.1901.183 / 115.0.1901.183 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1901.183 / 115.0.1901.183. It is, therefore, affected by multiple vulnerabilities as referenced in the July 21, 2023 advisory. - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2023-35392) - Microsoft Edg...
Dell Wyse Management Suite Authorization Issue Vulnerability
Wyse Management Suite is a scalable solution for managing and optimizing Wyse endpoints from Dell, USA. The product includes centralized management of Wyse endpoints, asset tracking and automated device discovery. A security bypass vulnerability exists in prior versions of Wyse Management Suite...
Debian DSA-5456-1 : chromium - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5456 advisory. - Use after free in WebRTC. (CVE-2023-3727, CVE-2023-3728) - Use after free in Tab Groups. (CVE-2023-3730) - Out of bounds memory access in Mojo. (CVE-2023-3732) -...
SUSE CVE-2023-3730
Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)...
WordPress BuddyPress Groups Integration for WooCommerce Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)
Software: BuddyPress Groups Integration for WooCommerce; Type: Plugin; Vulnerable versions: <= 1.0.4; Fixed in: 1.1.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High (7.1); Developer: Claim ownership; PSID: 74e53a4d5f1c; Credits: Rafie...
WordPress WordPress Tag Cloud Plugin – Tag Groups Plugin <= 1.44.3.1 is vulnerable to Cross Site Scripting (XSS)
Software: WordPress Tag Cloud Plugin – Tag Groups; Type: Plugin; Vulnerable versions: <= 1.44.3.1; Fixed in: 2.0.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High (7.1); Developer: Claim ownership; PSID: 37ceda657852; Credits: Rafie...
Google Chrome Security Update (stable-channel-update-for-desktop-2023-07) - Linux
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
Google Chrome Security Update (stable-channel-update-for-desktop-2023-07) - Windows
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
Part 2: An In-Depth Look at the Latest Vulnerability Threat Landscape (Attackers’ Edition)
The previous blog from this three-part series showcased an overview of the vulnerability threat landscape. To summarize quickly, it illustrated the popular methods of exploiting vulnerabilities and the tactical techniques employed by threat actors, malware, and ransomware groups. Perhaps more...
Google Chrome Resource Management Error Vulnerability
Google Chrome is a web browser from Google Inc. in the United States. A security vulnerability exists in Google Chrome Tab Groups that originates from a use after free...
PT-2023-3713 · Google +2 · Google Chrome +2
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 115.0.5790.98 Description: The issue is related to a use after free vulnerability in the Tab Groups component of Google Chrome, which can lead to heap corruption. This can be exploited by a remote attacker who...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 115 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 115.0.5790.98 Linux and Mac, 115.0.5790.98/99 Windows contains a number of fixes and improvements -- a list of changes is...
Google Chrome < 115.0.5790.98 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 115.0.5790.98. It is, therefore, affected by multiple vulnerabilities as referenced in the 202307stable-channel-update-for-desktop advisory. - Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98...
Google Chrome < 115.0.5790.98 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 115.0.5790.98. It is, therefore, affected by multiple vulnerabilities as referenced in the 202307stable-channel-update-for-desktop advisory. - Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98...
SUSE CVE-2023-3637
An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significa...