
Tag

#acer

CVE-2023-28864: Chef Infra Server Release Notes

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.

CVE-2023-33768: Wemo Smart Plug (Simple Setup Smart Outlet for Smart Home, Control Lights and Devices Remotely Works w/Alexa, Google Assistant, Apple HomeKit) (Pack of 1) - Amazon.com

Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service (DoS) via a crafted firmware file.

CVE-2023-3608

A vulnerability was found in Ruijie BCR810W 2.5.10. It has been rated as critical. This issue affects some unknown processing of the component Tracert Page. The manipulation leads to OS command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233477 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Global Neobank Revolut Hacked; $20 Million Stolen

By Waqas. Revolut has not yet issued an official statement regarding the cyber attack. This is a post from HackRead.com.

Threat Roundup for June 30 to July 7

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 30 and July 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

CVE-2023-37173: Vuls/TOTOLINK/A3300R/cmdi_4 at main · kafroc/Vuls

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.

CVE-2023-37067: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with an admin-privilege account to insert XSS in the classes/usergroups management section.

CVE-2023-37065: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with an admin-privilege account to insert XSS in the session category management section.

CVE-2023-37064: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with an admin-privilege account to insert XSS in the extra fields management section.