Yearly Archives: 2023

News

7 reasons to avoid investing in cyber insurance

Read Time:30 Second

With cyberattacks rising at an alarming rate around the world, cyber insurance has become an increasingly popular layer of protection for businesses across all sectors. However, despite its clear appeal as a means of supporting and augmenting cyber risk management, insurance might not be the right fit for all companies in every circumstance. In fact, there are compelling reasons why some might be advised to avoid, delay, or at least seriously reconsider buying or renewing a policy —increasing costs, stringent requirements, coverage limitations, and general complexities are but a few.

To read this article in full, please click here

Read More

Advisories

CVE-2014-125088

Read Time:23 Second

A vulnerability was found in qt-users-jp silk 0.0.1. It has been declared as problematic. This vulnerability affects unknown code of the file contents/root/examples/header.qml. The manipulation of the argument model.key/model.value leads to cross site scripting. The attack can be initiated remotely. The name of the patch is bbc5d6eeea800025ef29edda3fd3c57836239eae. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221488.

Read More

Advisories

CVE-2013-10019

Read Time:21 Second

A vulnerability was found in OCLC-Research OAICat 1.5.61. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.62 is able to address this issue. The name of the patch is 6cc65501869fa663bcd24a70b63f41f5cfe6b3e1. It is recommended to upgrade the affected component. The identifier VDB-221489 was assigned to this vulnerability.

Read More

Advisories

CVE-2012-10008

Read Time:23 Second

A vulnerability, which was classified as critical, has been found in uakfdotb oneapp. This issue affects some unknown processing. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is 5413ac804f1b09f9decc46a6c37b08352c49669c. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221483.

Read More

Advisories

USN-5880-1: Firefox vulnerabilities

Read Time:1 Minute, 28 Second

Christian Holler discovered that Firefox did not properly manage memory
when using PKCS 12 Safe Bag attributes. An attacker could construct a
PKCS 12 cert bundle in such a way that could allow for arbitrary memory
writes. (CVE-2023-0767)

Johan Carlsson discovered that Firefox did not properly manage child
iframe’s unredacted URI when using Content-Security-Policy-Report-Only
header. An attacker could potentially exploits this to obtain sensitive
information. (CVE-2023-25728)

Vitor Torres discovered that Firefox did not properly manage permissions
of extensions interaction via ExpandedPrincipals. An attacker could
potentially exploits this issue to download malicious files or execute
arbitrary code. (CVE-2023-25729)

Irvan Kurniawan discovered that Firefox did not properly validate
background script invoking requestFullscreen. An attacker could
potentially exploit this issue to perform spoofing attacks. (CVE-2023-25730)

Ronald Crane discovered that Firefox did not properly manage memory when
using EncodeInputStream in xpcom. An attacker could potentially exploits
this issue to cause a denial of service. (CVE-2023-25732)

Samuel Grob discovered that Firefox did not properly manage memory when
using wrappers wrapping a scripted proxy. An attacker could potentially
exploits this issue to cause a denial of service. (CVE-2023-25735)

Holger Fuhrmannek discovered that Firefox did not properly manage memory
when using Module load requests. An attacker could potentially exploits
this issue to cause a denial of service. (CVE-2023-25739)

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-25731,
CVE-2023-25733, CVE-2023-25736, CVE-2023-25737, CVE-2023-25741,
CVE-2023-25742, CVE-2023-25744, CVE-2023-25745)

Read More

Advisories

openssl11-1.1.1k-5.el7

Read Time:31 Second

FEDORA-EPEL-2023-66548f784b

Packages in this update:

openssl11-1.1.1k-5.el7

Update description:

backport from 1.1.1k-9: Fixed Timing Oracle in RSA Decryption

Resolves: CVE-2022-4304

backport from 1.1.1k-9: Fixed Double free after calling PEM_read_bio_ex

Resolves: CVE-2022-4450

backport from 1.1.1k-9: Fixed Use-after-free following BIO_new_NDEF

Resolves: CVE-2023-0215

backport from 1.1.1k-9: Fixed X.400 address type confusion in X.509 GeneralName

Resolves: CVE-2023-0286

backport from 1.1.1k-8: Fix no-ec build

Resolves: rhbz#2071020

Read More

Advisories, CWE, Education

The Most Dangerous Vulnerabilities in Apache Tomcat and How to Protect Against Them

Read Time:2 Minute, 19 Second

Apache Tomcat is an open-source web server and servlet container that is widely used in enterprise environments to run Java web applications. However, like any web server, it is also vulnerable to various security threats. In this article, we’ll explore some of the most dangerous vulnerabilities in Tomcat and provide tips on how to protect your server from potential attacks.

  1. CVE-2020-1938 (Ghostcat) CVE-2020-1938, also known as Ghostcat, is a vulnerability that allows attackers to view sensitive information on Tomcat servers. This vulnerability can be exploited by sending a specially crafted request to the server, allowing an attacker to view files and directories that are not intended to be public. Ghostcat affects Tomcat versions 7.x, 8.x, 9.x, and 10.x.

To protect against Ghostcat, users should ensure that their Tomcat servers are up-to-date with the latest security patches. Additionally, users should limit access to sensitive files and directories, and implement network security measures such as firewalls and VPNs.

  1. CVE-2017-12617 (Apache Tomcat Remote Code Execution) CVE-2017-12617 is a remote code execution vulnerability that allows attackers to execute arbitrary code on Tomcat servers. This vulnerability can be exploited by sending a specially crafted request to the server, allowing an attacker to execute commands on the server as the user running the Tomcat process.

To protect against this vulnerability, users should ensure that their Tomcat servers are up-to-date with the latest security patches. Additionally, users should follow best practices such as restricting access to the Tomcat server to trusted networks and disabling unnecessary features and services.

  1. CVE-2020-9484 (Apache Tomcat RCE) CVE-2020-9484 is a remote code execution vulnerability that allows attackers to execute arbitrary code on Tomcat servers. This vulnerability can be exploited by sending a specially crafted request to the server, allowing an attacker to execute commands on the server with the permissions of the user running the Tomcat process.

To protect against this vulnerability, users should ensure that their Tomcat servers are up-to-date with the latest security patches. Additionally, users should restrict access to the Tomcat server to trusted networks, implement network security measures such as firewalls and VPNs, and limit the use of default or weak passwords.


Apache Tomcat is a popular web server and servlet container that is widely used in enterprise environments. However, it is also vulnerable to various security threats. To protect against these threats, users should ensure that their Tomcat servers are up-to-date with the latest security patches, follow best practices such as restricting access to the server and implementing network security measures, and stay informed about emerging threats and vulnerabilities. By taking these steps, users can help safeguard their Tomcat servers and prevent potential attacks.

Advisories, CWE, Education

ZDI-CAN-18333: A Critical Zero-Day Vulnerability in Microsoft Windows

Read Time:1 Minute, 46 Second

Zero-day vulnerabilities are a serious threat to cybersecurity, as they can be exploited by malicious actors to gain unauthorized access to systems. One such vulnerability is ZDI-CAN-18333, a critical zero-day vulnerability that affects Microsoft Windows. In this article, we’ll take a closer look at what this vulnerability is, how it works, and what you can do to protect your systems.

What is ZDI-CAN-18333?

ZDI-CAN-18333 is a zero-day vulnerability that was discovered by researchers from the Zero Day Initiative (ZDI). The vulnerability affects Microsoft Windows, one of the most widely used operating systems in the world. ZDI-CAN-18333 is considered critical as it could allow attackers to execute arbitrary code on a victim’s system, potentially giving them access to sensitive information.

How does ZDI-CAN-18333 work?

The ZDI-CAN-18333 vulnerability is related to the way that Microsoft Windows processes certain types of user input. Specifically, the vulnerability is related to the way that the operating system handles the printing of documents. By exploiting this flaw, an attacker can execute arbitrary code on a victim’s system, potentially giving them access to sensitive information or allowing them to install other malware.

What can you do to protect your systems?

Microsoft has released a security patch to address the ZDI-CAN-18333 vulnerability, which should be installed as soon as possible. Additionally, users should ensure that their operating system is up to date with the latest version of Microsoft Windows, as older versions may not be eligible for security patches. It’s also recommended to follow standard security practices such as avoiding suspicious websites and downloads, using strong passwords, and enabling two-factor authentication.

Zero-day vulnerabilities like ZDI-CAN-18333 are a serious threat to cybersecurity, and it’s important to stay informed about emerging threats and take steps to protect your systems. By keeping your operating system up to date with the latest security patches and following standard security practices, you can help safeguard your system from potential attacks. Remember to stay vigilant and report any suspicious activity to your IT department or security provider.