βΌ CVE-2023-0446 βΌ
π Read
via "National Vulnerability Database".
The My YouTube Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 3.0.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23824 βΌ
π Read
via "National Vulnerability Database".
Auth. SQL Injection (SQLi) vulnerability in WP-TopBar <= 5.36 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40034 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23005 βΌ
π Read
via "National Vulnerability Database".
Western Digital has identified a weakness in the UFS standard that could result in a security vulnerability. This vulnerability may exist in some systems where the Host boot ROM code implements the UFS Boot feature to boot from UFS compliant storage devices. The UFS Boot feature, as specified in the UFS standard, is provided by UFS devices to support platforms that need to download the system boot loader from external non-volatile storage locations. Several scenarios have been identified in which adversaries may disable the boot capability, or revert to an old boot loader code, if the host boot ROM code is improperly implemented. UFS Host Boot ROM implementers may be impacted by this vulnerability. UFS devices are only impacted when connected to a vulnerable UFS Host and are not independently impacted by this vulnerability. When present, the vulnerability is in the UFS Host implementation and is not a vulnerability in Western Digital UFS Devices. Western Digital has provided details of the vulnerability to the JEDEC standards body, multiple vendors of host processors, and software solutions providers.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23560 βΌ
π Read
via "National Vulnerability Database".
In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46639 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the descarga_etiqueta.php component of Correos Prestashop 1.7.x allows attackers to execute a directory traversal.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22630 βΌ
π Read
via "National Vulnerability Database".
IzyBat Orange casiers before 20221102_1 allows SQL Injection via a getCasier.php?taille= URI.π Read
via "National Vulnerability Database".
βΌ CVE-2018-20104 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22960 βΌ
π Read
via "National Vulnerability Database".
Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21795 βΌ
π Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21796.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21796 βΌ
π Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21795.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21775 βΌ
π Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22484 βΌ
π Read
via "National Vulnerability Database".
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to a polynomial time complexity issue in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21719 βΌ
π Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22483 βΌ
π Read
via "National Vulnerability Database".
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to several polynomial time complexity issues in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. Various commands, when piped to cmark-gfm with large values, cause the running time to increase quadratically. These vulnerabilities have been patched in version 0.29.0.gfm.7.π Read
via "National Vulnerability Database".
β Apple patches are out β old iPhones get an old zero-day fix at last! β
π Read
via "Naked Security".
Don't delay, especially if you're still running an iOS 12 device... please do it today!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π2
βΌ CVE-2023-22485 βΌ
π Read
via "National Vulnerability Database".
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the `validate_protocol` function. We believe this bug is harmless in practice, because the out-of-bounds read accesses `malloc` metadata without causing any visible damage.This vulnerability has been patched in 0.29.0.gfm.7.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23331 βΌ
π Read
via "National Vulnerability Database".
Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL Injection.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45639 βΌ
π Read
via "National Vulnerability Database".
OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter.π Read
via "National Vulnerability Database".
ποΈ IoT vendors faulted for slow progress in setting up vulnerability disclosure programs ποΈ
π Read
via "The Daily Swig".
Manufacturer complacency βtranslates into an unacceptable risk for consumersβ, warns security expertπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
IoT vendors faulted for slow progress in setting up vulnerability disclosure programs
Manufacturer complacency βtranslates into an unacceptable risk for consumersβ, warns security expert
π4π₯1
βοΈ Administrator of RSOCKS Proxy Botnet Pleads Guilty βοΈ
π Read
via "Krebs on Security".
Denis Emelyantsev, a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, βAmerica is looking for me because I have enormous information and they need it.βπ Read
via "Krebs on Security".
Krebs on Security
Administrator of RSOCKS Proxy Botnet Pleads Guilty
Denis Emelyantsev, a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The pleaβ¦
π₯2π1