Seclog - #44
Spotlight: CVE-2023-20198, Attacking AWS Cognito, RCE in Chrome, SSRF to RCE on Mastodon, Security Vuln in CasaOS, Russian Jabber Hijack etc...
The grand essentials of happiness are: something to do, something to love, and something to hope for. — Alexander Chalmers
seclinks
Unpacking CVE-2023-20198: A Critical Weakness In Cisco IOS XE
Risky Biz News: Israel warns citizens of security camera hack risk
Cybersecurity burnout - Haklule's Experience - Blog Detectify
Persistent cross-site scripting vulnerabilities in Liferay Portal | Pentagrid AG
Squid Caching Proxy Security Audit: 55 vulnerabilities and 35 0days | Squid-Security-Audit
Data Exposure and ServiceNow: The Elephant in the ITSM Room — Enumerated
CVE-2022-4908: SOP bypass in Chrome using Navigation API - Johan Carlsson
Chaining an IDOR with a business-logic error to achieve critical impact :: jub0bs.com
Threat Brief: Cisco IOS XE Web UI Privilege Escalation Vulnerability
Getting RCE in Chrome with incomplete object initialization in the Maglev compiler - The GitHub Blog
Knocking on the Front Door (client side desync attack on Azure CDN) :: Jeti's blog