βΌ CVE-2023-0581 βΌ
π Read
via "National Vulnerability Database".
The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. This makes it possible for unauthenticated attackers to bypass any login restrictions that may prevent a brute force attack.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0512 βΌ
π Read
via "National Vulnerability Database".
Divide By Zero in GitHub repository vim/vim prior to 9.0.1247.π Read
via "National Vulnerability Database".
β Serious Security: The Samba logon bug caused by outdated crypto β
π Read
via "Naked Security".
Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!π Read
via "Naked Security".
Naked Security
Serious Security: The Samba logon bug caused by outdated crypto
Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!
βΌ CVE-2023-24830 βΌ
π Read
via "National Vulnerability Database".
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 before 0.13.3.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48006 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4472 βΌ
π Read
via "National Vulnerability Database".
The Simple Sitemap WordPress plugin before 3.5.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34888 βΌ
π Read
via "National Vulnerability Database".
The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32513 βΌ
π Read
via "National Vulnerability Database".
A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32516 βΌ
π Read
via "National Vulnerability Database".
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause systemΓ’β¬β’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: ConextΓ’βΒ’ ComBox (All Versions)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32522 βΌ
π Read
via "National Vulnerability Database".
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted mathematically reduced data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)π Read
via "National Vulnerability Database".
βΌ CVE-2022-0223 βΌ
π Read
via "National Vulnerability Database".
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32526 βΌ
π Read
via "National Vulnerability Database".
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted setting value messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32517 βΌ
π Read
via "National Vulnerability Database".
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses. Affected Products: ConextΓ’βΒ’ ComBox (All Versions)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32525 βΌ
π Read
via "National Vulnerability Database".
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32519 βΌ
π Read
via "National Vulnerability Database".
A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert (Versions prior to V7.9.0)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32521 βΌ
π Read
via "National Vulnerability Database".
A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. Affected Products: Data Center Expert (Versions prior to V7.9.0)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32529 βΌ
π Read
via "National Vulnerability Database".
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32518 βΌ
π Read
via "National Vulnerability Database".
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert (Versions prior to V7.9.0)π Read
via "National Vulnerability Database".
βΌ CVE-2023-22389 βΌ
π Read
via "National Vulnerability Database".
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when the device configuration is exported via Save/RestoreΓ’β¬β>Backup Settings, which could be read by any user accessing the file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32520 βΌ
π Read
via "National Vulnerability Database".
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert (Versions prior to V7.9.0)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32512 βΌ
π Read
via "National Vulnerability Database".
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause remote code execution when a command which exploits this vulnerability is utilized. Affected Products: CanBRASS (Versions prior to V7.5.1)π Read
via "National Vulnerability Database".