What Is Ad Fraud?
What Is Ad Fraud? Ad fraud is a type of automated threat identified by the OWASP organization that has become
What Do You Mean By Inadequate Logging And Monitoring?
What is Logging and Monitoring? In the world of cybersecurity, logging and monitoring play a critical role in protecting organizations
CVE-2022-41736 : IBM SPECTRUM SCALE CONTAINER NATIVE STORAGE ACCESS UP TO 5.1.6.0 LOCAL PRIVILEGE ESCALATION
Description IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0 contains an unspecified vulnerability that could allow a local
CVE-2023-1968 : ILLUMINA UNIVERSAL COPY SERVICE 2.X BINDING TO AN UNRESTRICTED IP ADDRESS
Description Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated
CVE-2023-30846 : MICROSOFT TYPED-REST-CLIENT UP TO 1.7.3 INSUFFICIENTLY PROTECTED CREDENTIALS
Description typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Users of the
CVE-2023-2269 : LINUX KERNEL 6.2.0 IOCTL.C DM_GET_INACTIVE_TABLE DEADLOCK
Description A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in
What Is Insecure Deserialization? How To Protect The Application From Insecure Deserialization Attacks?
What is Serialization? Serialization is the process of turning an item into a format that can be transmitted over a
CVE-2023-28771 : ZYXEL USG/USG FLEX/VPN/ATP ERROR MESSAGE OS COMMAND INJECTION
Description Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through
What Is A Security Misconfiguration?
What Is Security Misconfiguration? What Is Security Misconfiguration? Security misconfiguration refers to the failure to properly configure and maintain the
CVE-2023-30621 : GIPSY UP TO 1.2 ON DISCORD PING OS COMMAND INJECTION
Description Gipsy is a multi-purpose discord bot which aim to be as modular and user-friendly as possible. In versions prior
CVE-2023-20864 : VMWARE ARIA OPERATIONS FOR LOGS UP TO 8.8.X/8.10.2 DESERIALIZATION
Description VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria
CVE-2023-23451 : SICK FX0-GMOD00010 TELNET OBSOLETE FUNCTION
Description The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW., SICK UE410-EN1 FLEXI ETHERNET GATEW., SICK UE410-EN3S04
What Is XML External Entity Injection? How To Prevent XXE Attacks?
Have you ever wondered how important XML is? And how insecure it can be if XML is parsed in an
CVE-2023-28004 : SCHNEIDER ELECTRIC POWERLOGIC HDPM6000 ETHERNET REQUEST ARRAY INDEX
Description A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in
What Is Account Aggregation And How It Can Be Prevented?
Automated threats identified by the OWASP organization are malicious activities performed by automated tools. Account aggregation is one such automated
CVE-2023-30547 : VM2 UP TO 3.9.16 HANDLEEXCEPTION INJECTION
Description vm2 is a sandbox that can run untrusted code with whitelisted Node’s built-in modules. There exists a vulnerability in
CVE-2023-1803 : REDLINE ROUTER PRIOR 7.17 AUTHENTICATION BYPASS BY ALTERNATE NAME
Description Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router:
CVE-2022-33211 : QUALCOMM WCD9330 MODEM MEMORY CORRUPTION
Description memory corruption in modem due to improper check while calculating size of serialized CoAP message. References https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin For More
CVE-2023-27216 : D-LINK DSL-3782 1.03 NETWORK SETTING PRIVILEGE ESCALATION
Description An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code as root via the
What Is Components With Known Vulnerabilities? How To Mitigate The Risks Associated With The Usage Of Such Components?
Using vulnerable and outdated components is the sixth category in OWASP Top 10 web application security risks and one of
CVE-2023-27497 : SAP DIAGNOSTICS AGENT 720 ON WINDOWS EVENTLOGSERVICECOLLECTOR MISSING AUTHENTICATION
Description Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent – version 720, allows
What Is Cross-site Scripting?
All about Cross-site Scripting Cross-site scripting (XSS) is a type of web vulnerability that allows attackers to inject malicious scripts
CVE-2023-27876 : IBM TRIRIGA 4.0 XML EXTERNAL ENTITY REFERENCE
Description IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote
CVE-2023-28051 : DELL POWER MANAGER UP TO 3.10 ACCESS CONTROL
Description Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit