Security
Headlines
HeadlinesLatestCVEs

Tag

#cisco

CVE-2023-20188: Cisco Security Advisory: Cisco Small Business 200, 300, and 500 Series Switches Web-Based Management Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device. Cisco has not released software updates to address this vulnerability.

CVE
Open in Source
#xss#vulnerability#web#cisco#auth
Exposed Interfaces in US Federal Networks: A Breach Waiting to Happen

By Waqas The research mainly aimed at examining VPNs, firewalls, access points, routers, and other remote server management appliances used by top government agencies in the United States. This is a post from HackRead.com Read the original post: Exposed Interfaces in US Federal Networks: A Breach Waiting to Happen

Vulnerability Spotlight: Use-after-free condition in Google Chrome WebGL

TALOS-2023-1724 (CVE-2023-1531) occurs if the user opens a specially crafted web page in Chrome.

CVE-2023-27940: About the security content of macOS Monterey 12.6.6

The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. A sandboxed app may be able to observe system-wide network connections

CVE-2023-32369: About the security content of macOS Big Sur 11.7.7

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system

CVE-2023-32363: About the security content of macOS Ventura 13.4

A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.4. An app may be able to bypass Privacy preferences

Former Duo Security Co-Founder Jon Oberheide Joins DNSFilter Board of Directors

Cybersecurity expert and proven entrepreneur to help protective DNS leader drive vision and scale through hypergrowth.

Cybersecurity hotlines at colleges could go a long way toward filling the skills gap

These clinics offers pro-bono cybersecurity services — like incident response, general advice and ransomware defense — to community organizations, non-profits and small businesses that normally couldn’t afford to pay a private company for these same services.

Patch Now: Cisco AnyConnect Bug Exploit Released in the Wild

A ready-made, low-complexity path to pwning the popular enterprise VPN clients for remote workers is now circulating in the wild.

Lessons From a Pen Tester: 3 Steps to Stay Safer

From hardening Windows systems to adding access control and segmenting the network, there are steps organizations can take to better secure corporate data.