CISA KEV Update Part I – December 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added ownCloud and Google Chrome vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

CVE-2023-6345 is a high-severity integer overflow in Skia. Skia is an open-source 2D graphics library that provides common APIs across a wide range of hardware and software platforms; it is the graphics engine for Google Chrome and ChromeOS, Android, Flutter, and many other products. Because Chrome rasterizes web content through Skia, the bug is reachable from attacker-controlled pages, and Google's update note stated that an exploit for it exists in the wild.


CVE-2023-49103 is an information-disclosure flaw in ownCloud. ownCloud is an open-source file synchronization and sharing platform that lets individuals and organizations run their own private cloud storage, keeping control of their data while collaborating and accessing files from multiple devices. The vulnerability lies in the graphapi app, which bundles a third-party library that ships a test file, GetPhpInfo.php, reachable over HTTP. Requesting that URL returns the output of phpinfo(), which includes every environment variable of the web server process.

In containerized deployments those environment variables can include the ownCloud admin password, mail server credentials, and the license key. Affected versions are owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. Note that merely disabling the graphapi app does not remove the exposure; the vendor advisory calls for deleting the file (and, for containers, rotating any secrets that were passed in through the environment).
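As an added example (not code from the original post, ownCloud, or CISA), the following Python does the two checks a responder would want for this entry: it scans web-server access logs for requests to the GetPhpInfo.php file, flagging those that returned 200 as likely disclosures, and it tests whether a reported graphapi version falls inside the affected ranges named above. The log lines are constructed samples, not real traffic; the full path under the graphapi app's vendored library is the one published in the ownCloud advisory, and the trailing-suffix variant in the third sample line is included only to show that matching on the file name catches requests that append extra path segments.

```python
import re
from typing import List, NamedTuple

# File name we key on. Matching on the name rather than the exact path means
# requests that append extra segments after it are still caught.
GETPHPINFO_MARKER = "GetPhpInfo.php"

# Constructed Apache/nginx combined-format log lines (sample data, not real traffic).
SAMPLE_ACCESS_LOG = """\
203.0.113.10 - - [30/Nov/2023:10:01:22 +0000] "GET /index.php/apps/files/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.7 - - [30/Nov/2023:10:02:05 +0000] "GET /owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php HTTP/1.1" 200 48211 "-" "curl/8.4.0"
198.51.100.7 - - [30/Nov/2023:10:02:09 +0000] "GET /owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php/.css HTTP/1.1" 200 48211 "-" "curl/8.4.0"
192.0.2.44 - - [30/Nov/2023:10:03:40 +0000] "GET /owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php HTTP/1.1" 404 312 "-" "python-requests/2.31"
"""

# Minimal combined-log parser: client IP, timestamp, method, request path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


class Finding(NamedTuple):
    ip: str
    timestamp: str
    path: str
    status: int
    disclosed: bool  # True when the server answered 200, i.e. phpinfo output was most likely served


def find_getphpinfo_requests(log_text: str) -> List[Finding]:
    """Return every request whose path references GetPhpInfo.php, newest last."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = m.group("path")
        if GETPHPINFO_MARKER.lower() not in path.lower():
            continue
        status = int(m.group("status"))
        findings.append(Finding(m.group("ip"), m.group("ts"), path, status, status == 200))
    return findings


def graphapi_is_affected(version: str) -> bool:
    """True when a graphapi version is in the affected ranges from the advisory:
    0.2.x before 0.2.1 and 0.3.x before 0.3.1. Other minor lines are not named
    by the advisory, so they return False (assumption: not listed, not flagged).
    Non-numeric suffixes such as "-rc1" are ignored when comparing."""
    nums = []
    for part in version.strip().split("."):
        m = re.match(r"\d+", part)
        nums.append(int(m.group()) if m else 0)
    while len(nums) < 3:
        nums.append(0)
    major, minor, patch = nums[:3]
    if major != 0:
        return False
    if minor in (2, 3):
        return patch < 1
    return False


if __name__ == "__main__":
    for f in find_getphpinfo_requests(SAMPLE_ACCESS_LOG):
        state = "DISCLOSED" if f.disclosed else "blocked"
        print(f"{f.ip} {f.timestamp} {f.path} -> {f.status} {state}")
    for v in ("0.2.0", "0.2.1", "0.3.0", "0.3.1"):
        print(v, "affected" if graphapi_is_affected(v) else "fixed or not listed")
```

A 200 response to this path is the signal to treat the deployment as compromised: anything that was in the container's environment (admin password, mail credentials, license key) should be assumed read and rotated, regardless of whether the graphapi app was enabled at the time.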

Both vulnerabilities are being exploited in the wild by multiple threat actors, and under Binding Operational Directive 22-01 CISA has ordered federal civilian agencies to remediate them by December 21, 2023.
