CVE-2023-25824
via "National Vulnerability Database".
Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (inclusive) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This could be exploited for denial of service attacks. If trace level logging was enabled, it would also produce an excessive amount of log output during the loop, consuming disk space. The problem has been fixed in commit d7eec4e598158ab6a98bf505354e84352f9715ec; please update to version 0.12.1. There are no workarounds; users who cannot update should apply the errno fix detailed in the security advisory.
CVE-2023-0754
via "National Vulnerability Database".
The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code.
CVE-2023-24205
via "National Vulnerability Database".
Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the configuration file (cfw-setting.yaml).
87% of Container Images in Production Have Critical or High-Severity Vulnerabilities
via "Dark Reading".
At the inaugural CloudNativeSecurityCon, DevSecOps practitioners discussed how to shore up the software supply chain.
CVE-2023-24212
via "National Vulnerability Database".
Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the timeType function at /goform/SetSysTimeCfg.
CVE-2023-23295
via "National Vulnerability Database".
Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker can modify the sysCmd parameter in order to execute commands as root.
CVE-2023-23296
via "National Vulnerability Database".
Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault.
CVE-2023-26468
via "National Vulnerability Database".
Cerebrate 1.12 does not properly consider organisation_id during creation of API keys.
CVE-2023-23294
via "National Vulnerability Database".
Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute commands as root.
CVE-2023-26102
via "National Vulnerability Database".
All versions of the package rangy are vulnerable to Prototype Pollution when using the extend() function in file rangy-core.js. The function uses recursive merge, which can lead an attacker to modify properties of the Object.prototype.
CVE-2022-46440
via "National Vulnerability Database".
ttftool v0.9.2 was discovered to contain a segmentation violation via the readU16 function at ttf.c.
CVE-2023-0995
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to v2.0.1.
CVE-2022-1607
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant allows Cross Site Request Forgery. This issue affects Pulsar Plus System Controller NE843_S: comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) - comcode 150047415.
CVE-2023-0994
via "National Vulnerability Database".
Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.8.2.
CVE-2023-0996
via "National Vulnerability Database".
There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.
CVE-2023-1005
via "National Vulnerability Database".
A vulnerability was found in JP1016 Markdown-Electron and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to code injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-221738 is the identifier assigned to this vulnerability.
CVE-2023-0999
via "National Vulnerability Database".
A vulnerability classified as problematic was found in SourceCodester Sales Tracker Management System 1.0. This vulnerability affects unknown code of the file admin/?page=user/list. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221734 is the identifier assigned to this vulnerability.
CVE-2023-22427
via "National Vulnerability Database".
Stored cross-site scripting vulnerability in the Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with administrative privilege to inject an arbitrary script.
CVE-2023-0997
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Moosikay E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Moosikay/order.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221732.
CVE-2023-1002
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in MuYuCMS 2.2. This issue affects some unknown processing of the file index.php. The manipulation of the argument file_path leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221735.
CVE-2023-1006
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been classified as problematic. This affects an unknown part of the component New Record Handler. The manipulation of the argument lastname with the input "><script>prompt(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-221739.