CVE-2023-24125
via "National Vulnerability Database".
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey2_5g parameter at /goform/WifiBasicSet.
CVE-2023-24124
via "National Vulnerability Database".
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wrlEn parameter at /goform/WifiBasicSet.
CVE-2023-24121
via "National Vulnerability Database".
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet.
CVE-2020-5001
via "National Vulnerability Database".
IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 192953.
CVE-2023-24123
via "National Vulnerability Database".
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepauth parameter at /goform/WifiBasicSet.
CVE-2023-22738
via "National Vulnerability Database".
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organization is currently possible. It may lead to unintended access: if a user from organization A is accidentally assigned to organization B, they will retain their permissions and therefore might be able to access stuff they should not be allowed to access. This issue is patched in version 3.8.0.
CVE-2023-24118
via "National Vulnerability Database".
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the security parameter at /goform/WifiBasicSet.
CVE-2023-24122
via "National Vulnerability Database".
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the ssid_5g parameter at /goform/WifiBasicSet.
CVE-2023-24119
via "National Vulnerability Database".
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the ssid parameter at /goform/WifiBasicSet.
Ermetic Adds Kubernetes Security to CNAPP
via "Dark Reading".
The automated capabilities can discover misconfigurations, compliance violations, and risk or excessive privileges in Kubernetes clusters.
CVE-2023-1146
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Generic in GitHub repository flatpressblog/flatpress prior to 1.3.
CVE-2023-0228
via "National Vulnerability Database".
Improper Authentication vulnerability in ABB Symphony Plus S+ Operations allows Man in the Middle Attack. This issue affects Symphony Plus S+ Operations: from 2.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2.
CVE-2023-1107
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
CVE-2023-0053
via "National Vulnerability Database".
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could obtain sensitive information such as user credentials to gain access to the system.
CVE-2023-1148
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
CVE-2023-26046
via "National Vulnerability Database".
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim's browser and compromise the security of the web application. The vulnerability exists due to teler-waf's failure to properly sanitize and filter HTML entities in user input. An attacker can exploit this vulnerability to bypass common web attack threat rules in teler-waf and launch cross-site scripting (XSS) attacks. The attacker can execute arbitrary JavaScript code on the victim's browser and steal sensitive information, such as login credentials and session tokens, or take control of the victim's browser and perform malicious actions. This issue has been fixed in version 0.1.1.
CVE-2023-25155
via "National Vulnerability Database".
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9.
CVE-2023-26053
via "National Vulnerability Database".
Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64 bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a `trusted-key` or `pgp` element in their dependency verification metadata file. The fix is to fail dependency verification if anything but a fingerprint is used in a trust element in dependency verification metadata. The problem is fixed in Gradle 8.0 and above. The problem is also patched in Gradle 6.9.4 and 7.6.1. As a workaround, use only full fingerprint IDs for `trusted-key` or `pgp` elements in the metadata.
CVE-2023-1106
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressblog/flatpress prior to 1.3.
CVE-2023-1147
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
CVE-2023-1149
via "National Vulnerability Database".
Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.8.0.