‼ CVE-2023-22743 ‼
📖 Read
via "National Vulnerability Database".
Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, by carefully crafting DLL and putting into a subdirectory of a specific name living next to the Git for Windows installer, Windows can be tricked into side-loading said DLL. This potentially allows users with local write access to place malicious payloads in a location where automated upgrades might run the Git for Windows installer with elevation. Version 2.39.2 contains a patch for this issue. Some workarounds are available. Never leave untrusted files in the Downloads folder or its sub-folders before executing the Git for Windows installer, or move the installer into a different directory before executing it.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21823 ‼
📖 Read
via "National Vulnerability Database".
Windows Graphics Component Remote Code Execution Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21553 ‼
📖 Read
via "National Vulnerability Database".
Azure DevOps Server Remote Code Execution Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21566 ‼
📖 Read
via "National Vulnerability Database".
Visual Studio Elevation of Privilege Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21778 ‼
📖 Read
via "National Vulnerability Database".
Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2023-21808 ‼
📖 Read
via "National Vulnerability Database".
.NET and Visual Studio Remote Code Execution Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25724 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21567 ‼
📖 Read
via "National Vulnerability Database".
Visual Studio Denial of Service Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25723 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23381 ‼
📖 Read
via "National Vulnerability Database".
Visual Studio Remote Code Execution Vulnerability📖 Read
via "National Vulnerability Database".
🕴 Expel Tackles Cloud Threats With MDR for Kubernetes 🕴
📖 Read
via "Dark Reading".
The new managed detection and response platform simplifies cloud security for Kubernetes applications.📖 Read
via "Dark Reading".
Dark Reading
Expel Tackles Cloud Threats With MDR for Kubernetes
The new managed detection and response platform simplifies cloud security for Kubernetes applications.
‼ CVE-2023-20949 ‼
📖 Read
via "National Vulnerability Database".
In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-259323133References: N/A📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32954 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 5.5. DMA attacks on the SdMmcDevice buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the link data to SMRAM before checking it and verifying that all pointers are within the buffer.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32470 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FwBlockServiceSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24580 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-47372 ‼
📖 Read
via "National Vulnerability Database".
Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the stored XSS payload.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22377 ‼
📖 Read
via "National Vulnerability Database".
Improper restriction of XML external entity reference (XXE) vulnerability exists in tsClinical Define.xml Generator all versions (v1.0.0 to v1.4.0) and tsClinical Metadata Desktop Tools Version 1.0.3 to Version 1.1.0. If this vulnerability is exploited, an attacker may obtain an arbitrary file which meets a certain condition by reading a specially crafted XML file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32474 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the StorageSecurityCommandDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25978 ‼
📖 Read
via "National Vulnerability Database".
All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22368 ‼
📖 Read
via "National Vulnerability Database".
Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 and QuickFileDealer Ver.1.2.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32473 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the HddPassword shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it.📖 Read
via "National Vulnerability Database".