‼ CVE-2023-27596 ‼
via "National Vulnerability Database".
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, OpenSIPS crashes when a malformed SDP body is sent multiple times to an OpenSIPS configuration that makes use of the `stream_process` function. This issue was discovered during coverage-guided fuzzing of the function `codec_delete_except_re`. By abusing this vulnerability, an attacker is able to crash the server. It affects configurations containing functions that rely on the affected code, such as the function `codec_delete_except_re`. This issue has been fixed in versions 3.1.8 and 3.2.5.
‼ CVE-2020-27507 ‼
via "National Vulnerability Database".
The Kamailio SIP server before 5.5.0 mishandles INVITE requests with duplicated fields and an overlength tag, leading to a buffer overflow that crashes the server or possibly has unspecified other impact.
‼ CVE-2023-27598 ‼
via "National Vulnerability Database".
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed `Via` header to OpenSIPS triggers a segmentation fault when the function `calc_tag_suffix` is called. A specially crafted `Via` header, which is deemed correct by the parser, will pass uninitialized strings to the function `MD5StringArray` which leads to the crash. Abuse of this vulnerability leads to Denial of Service due to a crash. Since the uninitialized string points to memory location `0x0`, no further exploitation appears to be possible. No special network privileges are required to perform this attack, as long as the OpenSIPS configuration makes use of functions such as `sl_send_reply` or `sl_gen_totag` that trigger the vulnerable code. This issue has been fixed in versions 3.1.7 and 3.2.4.
‼ CVE-2023-22591 ‼
via "National Vulnerability Database".
IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens not being invalidated after a password reset. IBM X-Force ID: 243710.
‼ CVE-2023-25344 ‼
via "National Vulnerability Database".
An issue discovered in swig-templates through 2.0.4 and swig through 1.4.2 allows attackers to execute arbitrary code via a crafted Object.prototype anonymous function.
‼ CVE-2022-46773 ‼
via "National Vulnerability Database".
IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951.
‼ CVE-2023-25680 ‼
via "National Vulnerability Database".
IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Queue Provider credentials are not obfuscated while editing queue provider details. IBM X-Force ID: 247032.
‼ CVE-2023-26484 ‼
via "National Vulnerability Database".
KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicious user has taken over a Kubernetes node where virt-handler (the KubeVirt node-daemon) is running, the virt-handler service account can be used to modify all node specs. This can be misused to lure in system-level-privileged components which can, for instance, read all secrets on the cluster or exec into pods on other nodes. This way, a compromised node can be used to elevate privileges beyond the node, potentially up to full privileged access to the whole cluster. The simplest way to exploit this, once a user has compromised a specific node, is to use the virt-handler service account to set all other nodes to unschedulable and wait until system-critical components with high privileges appear on the compromised node. No patches are available as of time of publication. As a workaround, gatekeeper users can add a webhook which will block the `virt-handler` service account from modifying the spec of a node.
‼ CVE-2023-28450 ‼
via "National Vulnerability Database".
An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.
‼ CVE-2023-27599 ‼
via "National Vulnerability Database".
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, when the function `append_hf` handles a SIP message with a malformed To header, a call to the function `abort()` is performed, resulting in a crash. This is due to the following check in `data_lump.c:399` in the function `anchor_lump`. An attacker abusing this vulnerability will crash OpenSIPS leading to Denial of Service. It affects configurations containing functions that make use of the affected code, such as the function `append_hf`. This issue has been fixed in versions 3.1.7 and 3.2.4.
‼ CVE-2023-26912 ‼
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in xenv S-mall-ssm through commit 3d9e77f7d80289a30f67aaba1ae73e375d33ef71 on Feb 17, 2020, allows local attackers to execute arbitrary code via the evaluate button.
‼ CVE-2023-28466 ‼
via "National Vulnerability Database".
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).
‼ CVE-2023-24795 ‼
via "National Vulnerability Database".
A command execution vulnerability was discovered in JHR-N916R router firmware version <= 21.11.1.1483.
‼ CVE-2023-23150 ‼
via "National Vulnerability Database".
SA-WR915ND router firmware v17.35.1 was discovered to be vulnerable to code execution.
‼ CVE-2023-28487 ‼
via "National Vulnerability Database".
Sudo before 1.9.13 does not escape control characters in sudoreplay output.
‼ CVE-2023-24760 ‼
via "National Vulnerability Database".
An issue found in Ofcms v.1.1.4 allows a remote attacker to escalate privileges via the respwd method in SysUserController.
‼ CVE-2023-25281 ‼
via "National Vulnerability Database".
A stack overflow vulnerability in the pingV4Msg component in D-Link DIR820LA1_FW105B03 allows attackers to cause a denial of service via the nextPage parameter to ping.ccp.
‼ CVE-2023-27084 ‼
via "National Vulnerability Database".
A permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter.
‼ CVE-2022-4009 ‼
via "National Vulnerability Database".
In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation.
‼ CVE-2023-28486 ‼
via "National Vulnerability Database".
Sudo before 1.9.13 does not escape control characters in log messages.
‼ CVE-2023-27095 ‼
via "National Vulnerability Database".
An insecure permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows an attacker to escalate privileges via the AddUser method of the UserController function in the Tenant Management module.