‼ CVE-2022-39228 ‼
📖 Read
via "National Vulnerability Database".
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is entered a number of times, the user account is blocked temporarily. This issue has been fixed in version 3.8.0.📖 Read
via "National Vulnerability Database".
🕴 Linux Support Expands Cyber Spy Group's Arsenal 🕴
📖 Read
via "Dark Reading".
An infamous Chinese cyber-hacking team has extended its SysUpdate malware framework to target Linux systems.📖 Read
via "Dark Reading".
Dark Reading
Linux Support Expands Cyber Spy Group's Arsenal
An infamous Chinese cyber-hacking team has extended its SysUpdate malware framework to target Linux systems.
🕴 Offensive Security Is Now OffSec - Refresh Reflects Future of Cybersecurity Learning and Skills Development 🕴
📖 Read
via "Dark Reading".
Updated OffSec™ identity substantiates the company's commitment to expanding its cybersecurity content and resources to prepare infosec professionals for the future.📖 Read
via "Dark Reading".
Dark Reading
Offensive Security Is Now OffSec - Refresh Reflects Future of Cybersecurity Learning and Skills Development
Updated OffSecâ„¢ identity substantiates the company's commitment to expanding its cybersecurity content and resources to prepare infosec professionals for the future.
‼ CVE-2023-23005 ‼
📖 Read
via "National Vulnerability Database".
In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23006 ‼
📖 Read
via "National Vulnerability Database".
In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23003 ‼
📖 Read
via "National Vulnerability Database".
In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return value.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25931 ‼
📖 Read
via "National Vulnerability Database".
Medtronic identified that the Pelvic Health clinician apps, which are installed on the Smart Programmer mobile device, have a password vulnerability that requires a security update to fix. Not updating could potentially result in unauthorized control of the clinician therapy application, which has greater control over therapy parameters than the patient app. Changes still cannot be made outside of the established therapy parameters of the programmer. For unauthorized access to occur, an individual would need physical access to the Smart Programmer.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4901 ‼
📖 Read
via "National Vulnerability Database".
Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24133 ‼
📖 Read
via "National Vulnerability Database".
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey_5g parameter at /goform/WifiBasicSet.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23000 ‼
📖 Read
via "National Vulnerability Database".
In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24129 ‼
📖 Read
via "National Vulnerability Database".
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey4 parameter at /goform/WifiBasicSet.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24134 ‼
📖 Read
via "National Vulnerability Database".
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey3 parameter at /goform/WifiBasicSet.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1130 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file processlogin. The manipulation of the argument user leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222105 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1131 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Computer Parts Sales and Inventory System 1.0 and classified as problematic. This vulnerability affects unknown code of the file customer.php. The manipulation of the argument FIRST_NAME/LAST_NAME/PHONE_NUMBER leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222106 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24131 ‼
📖 Read
via "National Vulnerability Database".
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey1_5g parameter at /goform/WifiBasicSet.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48309 ‼
📖 Read
via "National Vulnerability Database".
A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48310 ‼
📖 Read
via "National Vulnerability Database".
An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3162 ‼
📖 Read
via "National Vulnerability Database".
Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24130 ‼
📖 Read
via "National Vulnerability Database".
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey parameter at /goform/WifiBasicSet.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23004 ‼
📖 Read
via "National Vulnerability Database".
In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1097 ‼
📖 Read
via "National Vulnerability Database".
Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery.📖 Read
via "National Vulnerability Database".