βΌ CVE-2023-27493 βΌ
π Read
via "National Vulnerability Database".
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy does not sanitize or escape request properties when generating request headers. This can lead to characters that are illegal in header values to be sent to the upstream service. In the worst case, it can cause upstream service to interpret the original request as two pipelined requests, possibly bypassing the intent of EnvoyΓ’β¬β’s security policy. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. As a workaround, disable adding request headers based on the downstream request properties, such as downstream certificate properties.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27496 βΌ
π Read
via "National Vulnerability Database".
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a `state` query param is present on any response that looks like an OAuth redirect response. Sending it a request with the URI path equivalent to the redirect path, without the `state` parameter, will lead to abnormal termination of Envoy process. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. The issue can also be mitigated by locking down OAuth traffic, disabling the filter, or by filtering traffic before it reaches the OAuth filter (e.g. via a lua script).π Read
via "National Vulnerability Database".
π΄ Industrial Defender Launches Phoenix: OT Visibility & Security Solution for Small to Midsized Operations π΄
π Read
via "Dark Reading".
Phoenix addresses the critical need for smaller operators to secure their operations with an easy-to-use and cost-effective OT security solution.π Read
via "Dark Reading".
Dark Reading
Industrial Defender Launches Phoenix: OT Visibility & Security Solution for Small to Midsized Operations
Phoenix addresses the critical need for smaller operators to secure their operations with an easy-to-use and cost-effective OT security solution.
π΄ Cybereason Secures $100M in Funding Led by SoftBank Corp. π΄
π Read
via "Dark Reading".
Cybereason announces additional funding led by Softbank Corp.π Read
via "Dark Reading".
Dark Reading
Cybereason Secures $100M in Funding Led by SoftBank Corp.
Cybereason announces additional funding led by Softbank Corp.
π΄ CardinalOps Launches MITRE ATT&CK Security Layers for Measuring Detection Posture π΄
π Read
via "Dark Reading".
Enables enterprises to operationalize MITRE ATT&CK and build a multi-layered, threat-informed defense to eliminate gaps based on organizational risk and priorities.π Read
via "Dark Reading".
Dark Reading
CardinalOps Launches MITRE ATT&CK Security Layers for Measuring Detection Posture
Enables enterprises to operationalize MITRE ATT&CK and build a multi-layered, threat-informed defense to eliminate gaps based on organizational risk and priorities.
π΄ F5 Safeguards Digital Services With New AI-Powered App and API Security Capabilities π΄
π Read
via "Dark Reading".
Enhanced API defenses, granular machine learning capabilities, and new managed service offerings provide comprehensive protection across distributed environments.π Read
via "Dark Reading".
Dark Reading
F5 Safeguards Digital Services With New AI-Powered App and API Security Capabilities
Enhanced API defenses, granular machine learning capabilities, and new managed service offerings provide comprehensive protection across distributed environments.
β€2
βΌ CVE-2023-0382 βΌ
π Read
via "National Vulnerability Database".
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1847 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Online Payroll System 1.0 and classified as critical. This issue affects some unknown processing of the file attendance.php. The manipulation of the argument employee leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224987.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1853 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in SourceCodester Online Payroll System 1.0. This issue affects some unknown processing of the file /admin/employee_edit.php. The manipulation of the argument of leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224993 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1846 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Online Payroll System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/deduction_row.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224986 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1850 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Online Payroll System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-224990 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1856 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Air Cargo Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/transactions/track_shipment.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224995.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1860 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Keysight IXIA Hawkeye 3.3.16.28. It has been declared as problematic. This vulnerability affects unknown code of the file /licenses. The manipulation of the argument view with the input teste"><script>alert(%27c4ng4c3ir0%27)</script> leads to cross site scripting. The attack can be initiated remotely. VDB-224998 is the identifier assigned to this vulnerability. NOTE: Vendor did not respond if and how they may handle this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1857 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/?page=product/manage_product&id=2. The manipulation of the argument Product Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224996.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1851 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in SourceCodester Online Payroll System 1.0. This affects an unknown part of the file /admin/employee_add.php. The manipulation of the argument of leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224991.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1849 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Online Payroll System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/cashadvance_row.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224989 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1854 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate Tracer System 1.0. Affected is an unknown function of the file admin/. The manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-224994 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1852 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in SourceCodester Online Payroll System 1.0. This vulnerability affects unknown code of the file /admin/deduction_edit.php. The manipulation of the argument description leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-224992.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26536 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jonk @ Follow me Darling Sp*tify Play Button for WordPress plugin <= 2.05 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1848 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Online Payroll System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/attendance_row.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224988.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1858 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. It has been classified as problematic. This affects an unknown part of the file index.php. The manipulation of the argument page leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-224997 was assigned to this vulnerability.π Read
via "National Vulnerability Database".