‼ CVE-2023-26066 ‼
📖 Read
via "National Vulnerability Database".
Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26070 ‼
📖 Read
via "National Vulnerability Database".
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 4 of 4).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26067 ‼
📖 Read
via "National Vulnerability Database".
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27178 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers to execute arbitrary code via a crafted file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26466 ‼
📖 Read
via "National Vulnerability Database".
A user with non-Admin access can change a configuration file on the client to modify the Server URL.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29005 ‼
📖 Read
via "National Vulnerability Database".
Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using `AUTH_RATE_LIMITED = True`, `RATELIMIT_ENABLED = True`, and setting an `AUTH_RATE_LIMIT`.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26068 ‼
📖 Read
via "National Vulnerability Database".
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26064 ‼
📖 Read
via "National Vulnerability Database".
Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27076 ‼
📖 Read
via "National Vulnerability Database".
Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows attacker to execute arbitrary code via a the language parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26495 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. A crafted DWG file can force the SDK to reuse an object that has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-28093 ‼
📖 Read
via "National Vulnerability Database".
A user with a compromised configuration can start an unsigned binary as a service.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26773 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability found in Sales Tracker Management System v.1.0 allows a remote attacker to gain privileges via the product list function in the Master.php file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26065 ‼
📖 Read
via "National Vulnerability Database".
Certain Lexmark devices through 2023-02-19 have an Integer Overflow.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26063 ‼
📖 Read
via "National Vulnerability Database".
Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible Type.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26069 ‼
📖 Read
via "National Vulnerability Database".
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 3 of 4).📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2023-29192 ‼
📖 Read
via "National Vulnerability Database".
SilverwareGames.io versions before 1.2.19 allow users with access to the game upload panel to edit download links for games uploaded by other developers. This has been fixed in version 1.2.19.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1668 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24721 ‼
📖 Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary web scripts or HTML.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26467 ‼
📖 Read
via "National Vulnerability Database".
A man in the middle can redirect traffic to a malicious server in a compromised configuration.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1916 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.📖 Read
via "National Vulnerability Database".
🕴 Renewed Focus on Incident Response Brings New Competitors and Partnerships 🕴
📖 Read
via "Dark Reading".
Microsoft and others are doubling down on incident response, adding services and integrating programs to make security analysts and IR engagements more efficient.📖 Read
via "Dark Reading".
Dark Reading
Renewed Focus on Incident Response Brings New Competitors and Partnerships
Microsoft and others are doubling down on incident response, adding services and integrating programs to make security analysts and incident response engagements more efficient.