It was discovered that hawk incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to cause a denial of service.
Finding qualified staff to replace vacancies or build out an expanding team can be a nightmare for already overburdened CISOs, especially given there’s a pernicious and ongoing shortage of skilled cybersecurity workers in the job market. One creative alternative to frustratedly trolling job-search sites is to look inward, rather than outward — to find capable, smart people already working at a company in other areas and train them to fill roles on the cyber team.
There are many benefits to upskilling over hiring anew: current employees don’t need to adjust to the corporate culture, they have institutional memory, they have relationships within the company, and they’re already in the human resources channel. The downside is their lack of training and certification — but that’s a small price to pay for gaining a talented team member.
Yeting Li discovered that nth-check incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service.
It was discovered that Jhead did not properly handle certain crafted images
while processing the Exif markers. An attacker could possibly use this
issue to crash Jhead, resulting in a denial of service.
Posted by Eldar Marcussen on May 29
PrinterLogic SaaS, multiple vulnerabilities
===========================================================
PrinterLogic’s Enterprise Print Management software allows IT
professionals to simplify printer driver management and empower end
users.
— https://www.printerlogic.com/
Background
———————————-
The following findings were identified by performing both dynamic
testing of the PrinterLogic SaaS platform and code…
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on May 29
SEC Consult Vulnerability Lab Security Advisory < 20230517-0 >
=======================================================================
title: Stored XSS vulnerability in rename functionality
product: Wekan (Open-Source kanban)
vulnerable version: <=6.74
fixed version: 6.75 or higher
CVE number: CVE-2023-28485
impact: Medium
homepage: https://wekan.github.io…
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on May 29
SEC Consult Vulnerability Lab Security Advisory < 20230516-0 >
=======================================================================
title: Multiple Vulnerabilities
product: Serenity and StartSharp Software
vulnerable version: < 6.7.1
fixed version: 6.7.1 or higher
CVE number: CVE-2023-31285, CVE-2023-31286, CVE-2023-31287
impact: high
homepage:…
Posted by Apple Product Security via Fulldisclosure on May 29
APPLE-SA-2023-05-18-2 iOS 15.7.6 and iPadOS 15.7.6
iOS 15.7.6 and iPadOS 15.7.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213765.
Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
Accessibility
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE
(1st…
