CVE-2023-26936
via "National Vulnerability Database".
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via gmalloc in gmem.cc.
CVE-2023-26931
via "National Vulnerability Database".
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the TextOutputDev.cc function.
CVE-2023-26934
via "National Vulnerability Database".
An issue found in XPDF v.4.04 allows an attacker to cause a denial of service via a crafted pdf file in the object.cc parameter.
CVE-2023-31250
via "National Vulnerability Database".
The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing private files after updating.
CVE-2023-30546
via "National Vulnerability Database".
Contiki-NG is an operating system for Internet of Things devices. An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system in versions 4.8 and prior. The problem exists in the Contiki File System (CFS) backend for the storage of data (file os/storage/antelope/storage-cfs.c). In the functions `storage_get_index` and `storage_put_index`, a buffer for merging two strings is allocated with one byte less than the maximum size of the merged strings, causing subsequent function calls to the cfs_open function to read from memory beyond the buffer size. The vulnerability has been patched in the "develop" branch of Contiki-NG, and is expected to be included in the next release. As a workaround, the problem can be fixed by applying the patch in Contiki-NG pull request #2425.
CVE-2023-0458
via "National Vulnerability Database".
A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11.
CVE-2023-26930
via "National Vulnerability Database".
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function.
CVE-2022-44232
via "National Vulnerability Database".
libming 0.4.8 is vulnerable to Buffer Overflow. In getInt() in decompile.c, an unknown type may lead to denial of service. This is a different vulnerability than CVE-2018-9132 and CVE-2018-20427.
BigID and Thales Collaborate to Deliver Comprehensive Data Protection and Privacy Compliance
via "Dark Reading".
NEW YORK, April 26, 2023 /PRNewswire/ -- BigID, the leading data intelligence platform that enables organizations to know their enterprise data and take action for privacy, security, and governance, today announced a technology partnership with Thales, the…
CVE-2023-30280
via "National Vulnerability Database".
Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.26 allows a remote attacker to execute arbitrary code and cause a denial of service via the getInputData parameter of the fwSchedule.cgi page.
CVE-2022-45456
via "National Vulnerability Database".
Denial of service due to unauthenticated API endpoint. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 30161.
CVE-2023-30843
via "National Vulnerability Database".
Payload is a free and open source headless content management system. In versions prior to 1.7.0, if a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force. Version 1.7.0 contains a patch. As a workaround, write a `beforeOperation` hook to remove `where` queries that attempt to access hidden field data.
CVE-2023-29443
via "National Vulnerability Database".
Zoho ManageEngine ServiceDesk Plus through 14104 allows admin users to conduct an XXE attack.
CVE-2023-29836
via "National Vulnerability Database".
Cross Site Scripting vulnerability found in Exelysis Unified Communication Solutions (EUCS) v.1.0 allows a remote attacker to execute arbitrary code via the Username parameter of the eucsAdmin login form.
CVE-2023-2291
via "National Vulnerability Database".
Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user.
CVE-2020-36070
via "National Vulnerability Database".
Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php file to the media component.
CVE-2023-29596
via "National Vulnerability Database".
Buffer Overflow vulnerability found in ByronKnoll Cmix v.19 allows an attacker to execute arbitrary code and cause a denial of service via the paq8 function.
CVE-2023-28009
via "National Vulnerability Database".
HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVE-2023-29835
via "National Vulnerability Database".
Insecure Permission vulnerability found in Wondershare Dr.Fone v.12.9.6 allows a remote attacker to escalate privileges via the service permission function.
CVE-2023-26567
via "National Vulnerability Database".
Sangoma FreePBX 1805 through 2302 (when obtained as a .ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call.
CVE-2023-27559
via "National Vulnerability Database".
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196.