βΌ CVE-2023-27730 βΌ
π Read
via "National Vulnerability Database".
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27727 βΌ
π Read
via "National Vulnerability Database".
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27728 βΌ
π Read
via "National Vulnerability Database".
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27719 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_478360 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27720 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_48d630 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27718 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_498308 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27729 βΌ
π Read
via "National Vulnerability Database".
Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29215 βΌ
π Read
via "National Vulnerability Database".
In Apache Linkis <=1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a deserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.2.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27602 βΌ
π Read
via "National Vulnerability Database".
In Apache Linkis <=1.3.1, The PublicService module uploadsΓ files without restrictions on the path to the uploadedΓ files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2.Γ For versions <=1.3.1, we suggest turning on the file path check switch in linkis.properties `wds.linkis.workspace.filesystem.owner.check=true` `wds.linkis.workspace.filesystem.path.check=true`π Read
via "National Vulnerability Database".
βΌ CVE-2023-27603 βΌ
π Read
via "National Vulnerability Database".
In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path,Γ This is a Zip Slip issue, which will lead to aΓ potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1.3.2.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27987 βΌ
π Read
via "National Vulnerability Database".
In Apache Linkis <=1.3.1,Γ due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack.Γ Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 And modify the default token value. You can refer to Token authorization[1] https://linkis.apache.org/docs/latest/auth/token https://linkis.apache.org/docs/latest/auth/tokenπ Read
via "National Vulnerability Database".
βΌ CVE-2023-26120 βΌ
π Read
via "National Vulnerability Database".
This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29216 βΌ
π Read
via "National Vulnerability Database".
In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.2.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45985 βΌ
π Read
via "National Vulnerability Database".
In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.π Read
via "National Vulnerability Database".
π΄ Rethinking Cybersecurity's Structure & the Role of the Modern CISO π΄
π Read
via "Dark Reading".
A CISO with a focused role will be better prepared to thrive in an organization and accelerate adoption and understanding of cybersecurity.π Read
via "Dark Reading".
Dark Reading
Rethinking Cybersecurity's Structure & the Role of the Modern CISO
A CISO with a focused role will be better prepared to thrive in an organization and accelerate adoption and understanding of cybersecurity.
βΌ CVE-2023-26860 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability found in PrestaShop Igbudget v.1.0.3 and before allow a remote attacker to gain privileges via the LgBudgetBudgetModuleFrontController::displayAjaxGenerateBudget component.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26774 βΌ
π Read
via "National Vulnerability Database".
An issue found in Sales Tracker Management System v.1.0 allows a remote attacker to access sensitive information via sales.php component of the admin/reports endpoint.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36077 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability found in Tailor Mangement System v.1 allows a remote attacker to execute arbitrary code via the customer parameter of the orderadd.php fileπ Read
via "National Vulnerability Database".
βΌ CVE-2023-26788 βΌ
π Read
via "National Vulnerability Database".
Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address.π Read
via "National Vulnerability Database".
βΌ CVE-2015-10099 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in CP Appointment Calendar Plugin up to 1.1.5. This affects the function dex_process_ready_to_go_appointment of the file dex_appointments.php. The manipulation of the argument itemnumber leads to sql injection. It is possible to initiate the attack remotely. The name of the patch is e29a9cdbcb0f37d887dd302a05b9e8bf213da01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-225351.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1426 βΌ
π Read
via "National Vulnerability Database".
The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts to be displayed are not draft/private, allowing any authenticated users, such as subscriber to retrieve the titles of draft and privates posts for example. AN attacker could also retrieve the title of any other type of post.π Read
via "National Vulnerability Database".