βΌ CVE-2023-21539 βΌ
π Read
via "National Vulnerability Database".
Windows Authentication Remote Code Execution Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35401 βΌ
π Read
via "National Vulnerability Database".
An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. A specially-crafted HTTP request can lead to full administrative access to the device. An attacker would need to send a series of HTTP requests to exploit this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21732 βΌ
π Read
via "National Vulnerability Database".
Microsoft ODBC Driver Remote Code Execution Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21776 βΌ
π Read
via "National Vulnerability Database".
Windows Kernel Information Disclosure Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21760 βΌ
π Read
via "National Vulnerability Database".
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21678, CVE-2023-21765.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21739 βΌ
π Read
via "National Vulnerability Database".
Windows Bluetooth Driver Elevation of Privilege Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21771 βΌ
π Read
via "National Vulnerability Database".
Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21735 βΌ
π Read
via "National Vulnerability Database".
Microsoft Office Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21734.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38393 βΌ
π Read
via "National Vulnerability Database".
A denial of service vulnerability exists in the cfg_server cm_processConnDiagPktList opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21730 βΌ
π Read
via "National Vulnerability Database".
Microsoft Cryptographic Services Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21551, CVE-2023-21561.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36441 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The Gboard used by different applications can be used to launch and use several other applications that are restricted by the admin.π Read
via "National Vulnerability Database".
β Popular JWT cloud security library patches βremoteβ code execution hole β
π Read
via "Naked Security".
It's remotely triggerable, but attackers would already have pretty deep network access if they could "prime" your server for compromise.π Read
via "Naked Security".
Naked Security
Popular JWT cloud security library patches βremoteβ code execution hole
Itβs remotely triggerable, but attackers would already have pretty deep network access if they could βprimeβ your server for compromise.
π1
βοΈ Microsoft Patch Tuesday, January 2023 Edition βοΈ
π Read
via "Krebs on Security".
Microsoft today released updates to fix nearly 100 security flaws in its Windows operating systems and other software. Highlights from the first Patch Tuesday of 2023 include a zero-day vulnerability in Windows, printer software flaws reported by the U.S. National Security Agency, and a critical Microsoft SharePoint Server bug that allows a remote, unauthenticated attacker to make an anonymous connection.π Read
via "Krebs on Security".
Krebs on Security
Microsoft Patch Tuesday, January 2023 Edition
Microsoft today released updates to fix nearly 100 security flaws in its Windows operating systems and other software. Highlights from the first Patch Tuesday of 2023 include a zero-day vulnerability in Windows, printer software flaws reported by the U.S.β¦
β Microsoft Patch Tuesday: One 0-day; Win 7 and 8.1 get last-ever patches β
π Read
via "Naked Security".
Get 'em while they're hot. And get 'em for the very last time, if you still have Windows 7 or 8.1...π Read
via "Naked Security".
βΌ CVE-2022-48252 βΌ
π Read
via "National Vulnerability Database".
The jokob-sk/Pi.Alert fork (before 22.12.20) of Pi.Alert allows Remote Code Execution via nmap_scan.php (scan parameter) OS Command Injection.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43391 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43393 βΌ
π Read
via "National Vulnerability Database".
An improper check for unusual or exceptional conditions in the HTTP request processing function of Zyxel GS1920-24v2 firmware prior to V4.70(ABMH.8)C0, which could allow an unauthenticated attacker to corrupt the contents of the memory and result in a denial-of-service (DoS) condition on a vulnerable device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43392 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0553 βΌ
π Read
via "National Vulnerability Database".
There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3966 βΌ
π Read
via "National Vulnerability Database".
usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22947 βΌ
π Read
via "National Vulnerability Database".
** DISPUTED ** Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt (rather than C:\Program Files) by default. NOTE: the vendor disputes the significance of this report, stating that "We consider the ACLs a best effort thing" and "it was a documentation mistake."π Read
via "National Vulnerability Database".