CVE-2023-1178
An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit.
Read via "National Vulnerability Database".
CVE-2022-45858
A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks.
Read via "National Vulnerability Database".
CVE-2022-45859
An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords.
Read via "National Vulnerability Database".
CVE-2023-27993
A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands.
Read via "National Vulnerability Database".
CVE-2022-43950
A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL.
Read via "National Vulnerability Database".
CVE-2023-22640
An out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.11, FortiOS version 6.2.0 through 6.2.13, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted requests.
Read via "National Vulnerability Database".
CVE-2023-27999
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
Read via "National Vulnerability Database".
CVE-2023-22637
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses.
Read via "National Vulnerability Database".
CVE-2023-0756
An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code; victims who clone or download these repositories will execute arbitrary code on their systems.
Read via "National Vulnerability Database".
CVE-2022-4376
An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions, an attacker may be able to map a private email of a GitLab user to their GitLab account on an instance.
Read via "National Vulnerability Database".
CVE-2022-45860
A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success.
Read via "National Vulnerability Database".
CVE-2023-30331
An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection (SSTI) via a crafted payload.
Read via "National Vulnerability Database".
CVE-2023-30077
Judging Management System v1.0 by oretnom23 was discovered to be vulnerable to SQL injection via the mainevent_id parameter of /php-jms/review_result.php.
Read via "National Vulnerability Database".
CVE-2023-27075
A cross-site scripting vulnerability (XSS) in the component microbin/src/pasta.rs of Microbin v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Read via "National Vulnerability Database".
CVE-2023-27568
SQL injection vulnerability in Spryker Commerce OS 0.9 that allows for access to sensitive data via customer/order?orderSearchForm[searchText]=
Read via "National Vulnerability Database".
CVE-2022-47757
In imo.im 2022.11.1051, a path traversal vulnerability delivered via an unsanitized deeplink can force the application to write a file into the application's data directory. This may allow an attacker to save a shared library under a special directory which the app uses to dynamically load modules. Loading the library can lead to arbitrary code execution.
Read via "National Vulnerability Database".
CVE-2023-26125
Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. Note: Although this issue does not pose a significant threat on its own, it can serve as an input vector for other more impactful vulnerabilities. However, successful exploitation may depend on the server configuration and whether the header is used in the application logic.
Read via "National Vulnerability Database".
CVE-2023-22651
Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. The issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected.
Read via "National Vulnerability Database".
CVE-2023-25934
DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request.
Read via "National Vulnerability Database".
As Google launches passwordless authentication for all, what are the business benefits of passkeys?
Google follows Apple in its latest shift to passwordless authentication, but what are the benefits?
Read via "ITPro".
Tracked by hidden tags? Apple and Google unite to propose safety and security standards…
To bleat, or not to bleat, that is the question.
Read via "Naked Security".