USN-6183-1: Bind vulnerabilities

Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered
that Bind incorrectly handled the cache size limit. A remote attacker could
possibly use this issue to consume memory, leading to a denial of service.
(CVE-2023-2828)

It was discovered that Bind incorrectly handled the recursive-clients
quota. A remote attacker could possibly use this issue to cause Bind to
crash, resulting in a denial of service. This issue only affected Ubuntu
22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-2911)

CVE-2022-45287

An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands.

CVE-2022-3372

There is a CSRF vulnerability on Netman-204 version 02.05. An attacker could manage to change administrator passwords through a Cross Site Request Forgery due to the lack of proper validation on the CSRF token. This vulnerability could allow a remote attacker to access the administrator panel, being able to modify different parameters that are critical for industrial operations.

Baffle launches new user interface to simplify application data security

Data security software provider Baffle has released Baffle Manager 2.0, an interface upgrade to automate enterprise-level data protection for applications, analytics, and AI.

The user interface upgrade is aimed at simplifying application-level encryptions, which were difficult and time-consuming with legacy systems, the company said in a press statement.

“Baffle Manager 2.0 is a single platform where users can create and manage their data protection policies across the cloud, legacy, and third-party applications and stay on the forefront of new AI initiatives,” said Ameesh Divatia, co-founder and chief executive officer at Baffle.
