‼ CVE-2023-20869 ‼
📖 Read
via "National Vulnerability Database".
VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-31223 ‼
📖 Read
via "National Vulnerability Database".
Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars.📖 Read
via "National Vulnerability Database".
🕴 CISOs Rethink Data Security with Info-Centric Framework 🕴
📖 Read
via "Dark Reading".
The Data Security Maturity Model ditches application, network, and device silos when it comes to architecting a data security strategy.📖 Read
via "Dark Reading".
Dark Reading
CISOs Rethink Data Security With Info-Centric Framework
The Data Security Maturity Model ditches application, network, and device silos when it comes to architecting a data security strategy.
‼ CVE-2023-30404 ‼
📖 Read
via "National Vulnerability Database".
Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution (RCE) vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2012-5873 ‼
📖 Read
via "National Vulnerability Database".
ARC (aka ARC2) through 2011-12-01 allows reflected XSS via the end_point.php query parameter in an output=htmltab action.📖 Read
via "National Vulnerability Database".
‼ CVE-2012-5872 ‼
📖 Read
via "National Vulnerability Database".
ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41739 ‼
📖 Read
via "National Vulnerability Database".
IBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0) could allow programs running inside the container to overcome isolation mechanism and gain additional capabilities or access sensitive information on the host. IBM X-Force ID: 237815.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27843 ‼
📖 Read
via "National Vulnerability Database".
SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 and before allow a remote attacker to gain privileges via the QuotesProduct::deleteProduct component.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26735 ‼
📖 Read
via "National Vulnerability Database".
blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26560 ‼
📖 Read
via "National Vulnerability Database".
Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36769 ‼
📖 Read
via "National Vulnerability Database".
IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-30106 ‼
📖 Read
via "National Vulnerability Database".
Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via page=about.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-30111 ‼
📖 Read
via "National Vulnerability Database".
Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS).📖 Read
via "National Vulnerability Database".
🕴 Effects of the Hive Ransomware Group Takedown 🕴
📖 Read
via "Dark Reading".
Despite some success in limiting damage from Hive, there's no time to relax security vigilance. 📖 Read
via "Dark Reading".
Dark Reading
Effects of the Hive Ransomware Group Takedown
Despite some success in limiting damage from Hive, there's no time to relax security vigilance.
‼ CVE-2023-24796 ‼
📖 Read
via "National Vulnerability Database".
Password vulnerability found in Vinga WR-AC1200 81.102.1.4370 and before allows a remote attacker to execute arbitrary code via the password parameter at the /goform/sysTools and /adm/systools.asp endpoints.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26286 ‼
📖 Read
via "National Vulnerability Database".
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. IBM X-Force ID: 248421.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29257 ‼
📖 Read
via "National Vulnerability Database".
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011.📖 Read
via "National Vulnerability Database".
🕴 Metaverse Version of the Dark Web Could be Nearly Impenetrable 🕴
📖 Read
via "Dark Reading".
Law enforcement will likely find it much harder to take down criminal activities on the "deepverse."📖 Read
via "Dark Reading".
Dark Reading
Metaverse Version of the Dark Web Could Be Nearly Impenetrable
Law enforcement will likely find it much harder to take down criminal activities on the "deepverse."
‼ CVE-2022-25273 ‼
📖 Read
via "National Vulnerability Database".
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25278 ‼
📖 Read
via "National Vulnerability Database".
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25277 ‼
📖 Read
via "National Vulnerability Database".
Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did not work correctly together. As a result, if the site were configured to allow the upload of files with an htaccess extension, these files' filenames would not be properly sanitized. This could allow bypassing the protections provided by Drupal core's default .htaccess files and possible remote code execution on Apache web servers. This issue is mitigated by the fact that it requires a field administrator to explicitly configure a file field to allow htaccess as an extension (a restricted permission), or a contributed module or custom code that overrides allowed file uploads.📖 Read
via "National Vulnerability Database".