βΌ CVE-2023-2248 βΌ
π Read
via "National Vulnerability Database".
A heap out-of-bounds read/write vulnerability in the Linux Kernel traffic control (QoS) subsystem can be exploited to achieve local privilege escalation.TheΓ qfq_change_class function does not properly limit the lmax variable which can lead to out-of-bounds read/write.Γ If the TCA_QFQ_LMAX value is not offered through nlattr, lmax is determined by the MTU value of the network device. The MTU of the loopback device can be set up to 2^31-1 and as a result, it is possible to have an lmax value that exceeds QFQ_MIN_LMAX.We recommend upgrading past commit 3037933448f60f9acb705997eae62013ecb81e0d.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-2236 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.BothΓ io_install_fixed_fileΓ and its callers call fput in a file in case of an error, causing a reference underflow which leads to a use-after-free vulnerability.We recommend upgrading past commit 9d94c04c0db024922e886c9fd429659f22f48ea4.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2235 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation.The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), butΓ remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability.We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22923 βΌ
π Read
via "National Vulnerability Database".
A format string vulnerability in a binary of the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker to cause denial-of-service (DoS) conditions on an affected device.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22922 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote unauthenticated attacker to cause DoS conditions by sending crafted packets if Telnet is enabled on a vulnerable device.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29641 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29636 βΌ
π Read
via "National Vulnerability Database".
Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default configuration not using MyBlogUtils.cleanString.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2451 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Online DJ Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/bookings/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227795.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29637 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in Qbian61 forum-java, allows attackers to inject arbitrary web script or HTML via editing the article content in the "article editor" page.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22919 βΌ
π Read
via "National Vulnerability Database".
The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29638 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in WinterChenS my-site before commit 3f0423da6d5200c7a46e200da145c1f54ee18548, allows attackers to inject arbitrary web script or HTML via editing blog articles.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22921 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to store malicious scripts using a web management interface parameter, resulting in denial-of-service (DoS) conditions on an affected device.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29635 βΌ
π Read
via "National Vulnerability Database".
File upload vulnerability in Antabot White-Jotter v0.2.2, allows remote attackers to execute malicious code via the file parameter to function coversUpload.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29639 βΌ
π Read
via "National Vulnerability Database".
Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via editing an article in the "blog article" page due to the default configuration not utilizing MyBlogUtils.cleanString.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29643 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers to execute arbitrary code via the Post function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22924 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing crafted CLI commands on a vulnerable device.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22503 βΌ
π Read
via "National Vulnerability Database".
Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature.This vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team.The affected versions are before version 7.13.15, from version 7.14.0 before 7.19.7, and from version 7.20.0 before 8.2.0.π Read
via "National Vulnerability Database".
π΄ BlackCat Trolls Western Digital With Leaked Response Meeting Image π΄
π Read
via "Dark Reading".
The ransomware group adds in personal insults to ratchet up pressure on Western Digital threat hunters.π Read
via "Dark Reading".
Dark Reading
BlackCat Trolls Western Digital With Leaked Response Meeting Image
The ransomware group adds in personal insults to ratchet up pressure on Western Digital threat hunters.
π΄ FBI Focuses on Cybersecurity With $90M Budget Request π΄
π Read
via "Dark Reading".
Never before has cyber been higher on the FBI's list of priorities. Will more money allow the Feds to make a greater impact?π Read
via "Dark Reading".
Dark Reading
FBI Focuses on Cybersecurity With $90M Budget Request
Never before has cyber been higher on the FBI's list of priorities. Will more money allow the feds to make a greater impact?
π΄ APT28 Employs Windows Update Lures to Trick Ukrainian Targets π΄
π Read
via "Dark Reading".
The phishing emails were sent using names of system administrators and a letter containing instructions to protect against hackers.π Read
via "Dark Reading".
Dark Reading
APT28 Employs Windows Update Lures to Trick Ukrainian Targets
The phishing emails were sent using names of system administrators and a letter containing instructions to protect against hackers.
β Apple delivers first-ever Rapid Security Response βcyberattackβ patch β leaves some users confused β
π Read
via "Naked Security".
Just when we'd got used to three-numbered versions, such as "13.3.1", here comes an update suffix, bringing you "13.3.1 (a)"...π Read
via "Naked Security".
Naked Security
Apple delivers first-ever Rapid Security Response βcyberattackβ patch β leaves some users confused
Just when weβd got used to three-numbered versions, such as β13.3.1β, here comes an update suffix, bringing you β13.3.1 (a)ββ¦