Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the <iframe>src parameter.
Yearly Archives: 2023
CVE-2020-19695
Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function.
CVE-2020-19693
An issue found in Espruino Espruino 6ea4c0a allows an attacker to execute arbitrrary code via oldFunc parameter of the jswrap_object.c:jswrap_function_replacewith endpoint.
CVE-2020-19692
Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file.
CVE-2020-19279
Directory Traversal vulnerability found in B3log Wide allows a an attacker to escalate privileges via symbolic links.
CVE-2020-19278
Cross Site Request Forgery vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via the system/user/save parameter.
CVE-2020-19277
Cross Site Scripting vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via javascript code in the markdown editor.
pdns-recursor-4.8.4-1.el8
FEDORA-EPEL-2023-d4a7c0e04e
Packages in this update:
pdns-recursor-4.8.4-1.el8
Update description:
Update to 4.8.4
Release notes: https://doc.powerdns.com/recursor/changelog/4.8.html
North Korea Hacking Cryptocurrency Sites with 3CX Exploit
News:
Researchers at Russian cybersecurity firm Kaspersky today revealed that they identified a small number of cryptocurrency-focused firms as at least some of the victims of the 3CX software supply-chain attack that’s unfolded over the past week. Kaspersky declined to name any of those victim companies, but it notes that they’re based in “western Asia.”
Security firms CrowdStrike and SentinelOne last week pinned the operation on North Korean hackers, who compromised 3CX installer software that’s used by 600,000 organizations worldwide, according to the vendor. Despite the potentially massive breadth of that attack, which SentinelOne dubbed “Smooth Operator,” Kaspersky has now found that the hackers combed through the victims infected with its corrupted software to ultimately target fewer than 10 machines—at least as far as Kaspersky could observe so far—and that they seemed to be focusing on cryptocurrency firms with “surgical precision.”
TikTok Fined £12.7m For Violating UK Data Privacy Laws
The ICO said TikTok failed to provide proper information on how data is collected, used and shared