CVE-2022-48079
Monnai aaPanel host system v1.5 contains an access control issue which allows attackers to escalate privileges and execute arbitrary code via uploading a crafted PHP file to the virtual host directory of the system.
via "National Vulnerability Database".
CVE-2022-45807
Cross-Site Request Forgery (CSRF) in WPVibes WP Mail Log plugin <= 1.0.1 versions.
via "National Vulnerability Database".
CVE-2022-44585
Cross-Site Request Forgery (CSRF) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5 versions.
via "National Vulnerability Database".
CVE-2022-48021
A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to the server.
via "National Vulnerability Database".
CVE-2023-0123
Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software.
via "National Vulnerability Database".
CVE-2022-4634
All versions prior to Delta Electronic's CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code.
via "National Vulnerability Database".
CVE-2023-23635
In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim.
via "National Vulnerability Database".
CVE-2022-47132
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users.
via "National Vulnerability Database".
CVE-2022-48022
An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view information about tickets they are not authorized to see.
via "National Vulnerability Database".
CVE-2023-0124
Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software.
via "National Vulnerability Database".
CVE-2023-24613
The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to cause a denial of service attack. This is fixed in AG 9.4.0.481.
via "National Vulnerability Database".
CVE-2022-48023
Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags.
via "National Vulnerability Database".
CVE-2022-47130
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page.
via "National Vulnerability Database".
CVE-2023-25135
vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are 5.6.7 PL1, 5.6.8 PL1, and 5.6.9 PL1.
via "National Vulnerability Database".
CVE-2022-47131
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page.
via "National Vulnerability Database".
CVE-2023-23636
In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim.
via "National Vulnerability Database".
CVE-2023-25139
sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes.
via "National Vulnerability Database".
CVE-2022-48074
An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file.
via "National Vulnerability Database".
CVE-2023-25136
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be triggered by an unauthenticated attacker in the default configuration; however, the vulnerability discoverer reports that "exploiting this vulnerability will not be easy."
via "National Vulnerability Database".
MITRE Releases Tool to Design Cyber Resilient Systems
Engineers can use the Cyber Resiliency Engineering Framework Navigator to visualize their cyber resiliency capabilities.
via "Dark Reading".
How the Cloud Is Shifting CISO Priorities
The greatly expanding attack surface created by the cloud needs to be protected.
via "Dark Reading".