Lucene search

3370 matches found

Microsoft KB
added 2023/08/08 7:00 a.m. | 37 views

Description of the security update for SharePoint Server Subscription Edition: August 8, 2023 (KB5002437)

Summary: This security update resolves a Microsoft SharePoint Server information disclosure vulnerability and a Microsoft SharePoint Server spoofing vulnerability. To learn more about the...

8 CVSS | 7.3 AI score | 0.02153 EPSS
Exploits 0

BDU FSTEC
added 2023/08/07 12:00 a.m. | 3 views

Vulnerability in the interface of the BioTime web-based time management platform that allows an attacker to bypass the administrator password

The vulnerability of the BioTime time tracking web management platform’s interface is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow a malicious actor to bypass the administrator’s password by sending a specially crafted request...

9.4 CVSS | 7.2 AI score | 0.00355 EPSS
Exploits 0 | References 2 | Affected Software 1

The Hacker News
added 2023/08/03 12:47 p.m. | 18 views

A Penetration Testing Buyer's Guide for IT Security Teams

The frequency and complexity of cyber threats are constantly evolving. At the same time, organizations are now collecting sensitive data that, if compromised, could result in severe financial and reputational damage. According to Cybersecurity Ventures, the cost of cybercrime is predicted to hit ...

7.1 AI score
Exploits 0

Veracode
added 2023/08/03 3:27 a.m. | 21 views

Improper Certificate Validation

mindsdb is vulnerable to Improper Certificate Validation. The vulnerability is due to the use of verify=False when requesting post data, which disables SSL certificate verification. Security of the Requests methods depends on ensuring SSL certificates are validated. TLS greatly improves security by...

9.1 CVSS | 6.8 AI score | 0.0024 EPSS
Exploits 0 | References 5 | Affected Software 1

OpenVAS
added 2023/08/01 12:00 a.m. | 18 views

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2023-2530)

The remote host is missing an update for the Huawei EulerOS...

7.5 CVSS | 8.2 AI score | 0.20459 EPSS
Exploits 3 | References 2

The Hacker News
added 2023/07/31 1:38 p.m. | 57 views

New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods

The P2PInfect peer-to-peer (P2P) worm has been observed employing previously undocumented initial access methods to breach susceptible Redis servers and rope them into a botnet. "The malware compromises exposed instances of the Redis data store by exploiting the replication feature," Cado Security...

10 CVSS | 9.1 AI score | 0.9967 EPSS
Exploits 8

CNNVD
added 2023/07/30 12:00 a.m. | 3 views

Sysaid Technologies Sysaid Code Issue Vulnerability

Sysaid Technologies SysAid is a suite of IT service management solutions from Sysaid Technologies, Israel. A security vulnerability exists in Sysaid Technologies Sysaid versions prior to 23.2.14 b18, which stems from the fact that a malicious user with administrative privileges may be able to upload dangerous...

9.8 CVSS | 7 AI score | 0.00543 EPSS
Exploits 0 | References 2

hivepro
added 2023/07/28 4:50 a.m. | 20 views

Unmasking Decoy Dog Malware Toolkit Hiding in DNS Traffic

Attack Report. Summary: Decoy Dog, a sophisticated malware toolkit, uses DNS for C2 communication, evading detection with its wildcard-type behavior and encryption methods. Its origin remains mysterious, and the malwares...

6.9 AI score
Exploits 0

OSV
added 2023/07/27 7:29 p.m. | 9 views

GHSA-GCH5-HWQF-MXHP Unsoundness in `intern` methods on `intaglio` symbol interners

Affected versions of this crate have a stacked borrows violation when creating references to interned contents. All interner types are affected. The flaw was corrected in version 1.9.0 by reordering move and borrowing operations and storing interned contents by raw pointer instead of as a Box...

7 AI score
Exploits 0 | References 3

Github Security Blog
added 2023/07/27 7:29 p.m. | 16 views

Unsoundness in `intern` methods on `intaglio` symbol interners

Affected versions of this crate have a stacked borrows violation when creating references to interned contents. All interner types are affected. The flaw was corrected in version 1.9.0 by reordering move and borrowing operations and storing interned contents by raw pointer instead of as a Box...

6.7 AI score
Exploits 0 | References 3 | Affected Software 1

The Hacker News
added 2023/07/27 6:49 a.m. | 34 views

New SEC Rules Require U.S. Companies to Reveal Cyber Attacks Within 4 Days

The U.S. Securities and Exchange Commission (SEC) on Wednesday approved new rules that require publicly traded companies to publicize details of a cyber attack within four days of identifying that it has a "material" impact on their finances, marking a major shift in how computer breaches are...

6.9 AI score
Exploits 0

OSV
added 2023/07/26 12:00 p.m. | 10 views

RUSTSEC-2023-0048 Unsoundness in `intern` methods on `intaglio` symbol interners

Affected versions of this crate have a stacked borrows violation when creating references to interned contents. All interner types are affected. The flaw was corrected in version 1.9.0 by reordering move and borrowing operations and storing interned contents by raw pointer instead of as a Box...

7 AI score
Exploits 0 | References 5

Amazon
added 2023/07/25 12:00 a.m. | 45 views

Important: golang

Issue Overview: RESERVED NOTE: https://groups.google.com/g/golang-announce/c/V0aBFqaFsE CVE-2022-41724 Golang: net/http, mime/multipart: denial of service from excessive resource consumption https://groups.google.com/g/golang-announce/c/V0aBFqaFsE CVE-2022-41725 The ScalarMult and ScalarBaseMult...

9.8 CVSS | 8 AI score | 0.02281 EPSS
Exploits 0

Tenable Nessus
added 2023/07/20 12:00 a.m. | 32 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python310 (SUSE-SU-2023:2884-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2884-1 advisory. - Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile...

9.8 CVSS | 7.8 AI score | 0.27095 EPSS
Exploits 6 | References 8

OSV
added 2023/07/19 2:55 p.m. | 9 views

SUSE-SU-2023:2884-1 Security update for python310

This update for python310 fixes the following issues: - Make marshalling of set and frozenset deterministic (bsc#1211765). python310 was updated to 3.10.12: - urllib.parse.urlsplit now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to...

9.8 CVSS | 7.8 AI score | 0.27095 EPSS
Exploits 6 | References 6

Patchstack
added 2023/07/18 12:00 a.m. | 5 views

WordPress WooCommerce Disable Payment Methods based on cart conditions Plugin < 1.16.0 is vulnerable to Cross Site Scripting (XSS)

Software: WooCommerce Disable Payment Methods based on cart conditions; Type: Plugin; Vulnerable versions: 1.16.0; Fixed in: 1.16.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID...

6.8 AI score | 0.00284 EPSS
Exploits 0 | References 3 | Affected Software 1

Github Security Blog
added 2023/07/14 9:59 p.m. | 33 views

copyparty vulnerable to path traversal attack

Summary: All versions before 1.8.2 have a path traversal vulnerability, allowing an attacker to download unintended files from the server. Details: Unauthenticated users were able to retrieve any files which are accessible according to OS-level permissions from the copyparty process. Usually, this ...

7.5 CVSS | 7.6 AI score | 0.42828 EPSS
Exploits 4 | References 7 | Affected Software 1

CNNVD
added 2023/07/11 12:00 a.m. | 7 views

Microsoft Windows Authentication Methods Security Vulnerability

Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation (Microsoft). A security vulnerability exists in Microsoft Windows Authentication Methods. An attacker could exploit this vulnerability to cause a denial of service. The following...

6.5 CVSS | 7.1 AI score | 0.01589 EPSS
Exploits 0 | References 3

Redos
added 2023/07/06 12:00 a.m. | 6 views

ROS-2-1680

2.1680 Vulnerability in Mozilla Firefox browser CVE-2021-29967. 1. Vulnerability description: Vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system. Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: 2...

8.8 CVSS | 9.1 AI score | 0.01368 EPSS
Exploits 0

Code423n4
added 2023/07/06 12:00 a.m. | 10 views

LSP6KeyManagerCore reentrancy vulnerability

Lines of code. Vulnerability details. Impact: Both LSP6KeyManager and LSP6KeyManagerInit inherit from LSP6KeyManagerCore. Consider our previous 3 contracts as A, B and C. We write a contract D, call the A.execute method, and let it execute D.execute. When executing D.execute, we can also execute...

7.1 AI score
Exploits 0