Search cyberveille.decio.ch

Found 11 bookmarks

Newest

D-Link D-View 8 Unauthenticated Probe-Core Server Communication

A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. This could result in the disclosure of info

#tenable #EN #2023 #D-Link #D-View #vulnerability #disclosure

·tenable.com·Jan 3, 2024

D-Link D-View 8 Unauthenticated Probe-Core Server Communication

Unauthorized Access to Cross-Tenant Applications in Microsoft Power Platform

A researcher at Tenable has discovered an issue that enables limited, unauthorized access to cross-tenant applications and sensitive data (including but not limited to authentication secrets). Background The issue occurred as a result of insufficient access control to Azure Function hosts, which are launched as part of the creation and operation of custom connectors in Microsoft’s Power Platform (Power Apps, Power Automation).

#tenable #2023 #EN #cross-tenant #Cloud #Microsoft-Power #Platform

·tenable.com·Aug 4, 2023

Unauthorized Access to Cross-Tenant Applications in Microsoft Power Platform

Microsoft…The Truth Is Even Worse Than You Think

Last week, Senator Ron Wyden sent a letter to the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Justice and the Federal Trade Commission (FTC) asking that they hold Microsoft accountable for a repeated pattern of negligent cybersecurity practices, which has enabled Chine

#Amit-Yoran #Microsoft #tenable #transparency #Azure #complaint #Cloud

·linkedin.com·Aug 4, 2023

Microsoft…The Truth Is Even Worse Than You Think

Microsoft’s April 2023 Patch Tuesday Addresses 97 CVEs (CVE-2023-28252)

Microsoft addresses 97 CVEs, including one that was exploited in the wild as a zero day

#tenable #EN #2023 #PatchTuesday #april #zero-day #microsoft #list

·tenable.com·Apr 12, 2023

Microsoft’s April 2023 Patch Tuesday Addresses 97 CVEs (CVE-2023-28252)

Microsoft addresses 97 CVEs, including one that was exploited in the wild as a zero day

#tenable #EN #2023 #PatchTuesday #april #zero-day #microsoft #list

·tenable.com·Apr 12, 2023

Microsoft’s April 2023 Patch Tuesday Addresses 97 CVEs (CVE-2023-28252)

Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397)

Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397)Microsoft addresses 76 CVEs including two zero-days exploited in the wild, one of which was publicly disclosed.

#tenable #EN #2023 #0-day #PatchTuesday #zero-days #March

·tenable.com·Mar 14, 2023

Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397)

Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397)Microsoft addresses 76 CVEs including two zero-days exploited in the wild, one of which was publicly disclosed.

#tenable #EN #2023 #0-day #PatchTuesday #zero-days #March

·tenable.com·Mar 14, 2023

Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397)

SQL Injection in Multiple WordPress Plugins

* Paid Memberships Pro : CVE-2023-23488 - Unauthenticated SQL Injection * Easy Digital Downloads: CVE-2023-23489 - Unauthenticated SQL Injection * Survey Maker: CVE-2023-23490 - Authenticated SQL Injection

#tenable #2023 #EN #WordPress #Plugins #Advisory #CVE-2023-23488 #CVE-2023 #CVE-2023-23490-23489

·tenable.com·Jan 16, 2023

SQL Injection in Multiple WordPress Plugins

Paid Memberships Pro : CVE-2023-23488 - Unauthenticated SQL Injection * Easy Digital Downloads: CVE-2023-23489 - Unauthenticated SQL Injection * Survey Maker: CVE-2023-23490 - Authenticated SQL Injection

#tenable #2023 #EN #WordPress #Plugins #Advisory #CVE-2023-23488 #CVE-2023 #CVE-2023-23490-23489

·tenable.com·Jan 16, 2023

SQL Injection in Multiple WordPress Plugins

CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy

Fortinet has patched a critical authentication bypass in its FortiOS and FortiProxy products that could lead to administrator access.

#tenable #EN #2022 #CVE-2022-40684

·tenable.com·Oct 7, 2022

CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy

Fortinet has patched a critical authentication bypass in its FortiOS and FortiProxy products that could lead to administrator access.

#tenable #EN #2022 #CVE-2022-40684

·tenable.com·Oct 7, 2022

CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy