‼ CVE-2023-1011 ‼
The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS payloads in them.
via "National Vulnerability Database".
‼ CVE-2023-30092 ‼
SourceCodester Online Pizza Ordering System v1.0 is vulnerable to SQL Injection via the QTY parameter.
via "National Vulnerability Database".
‼ CVE-2023-29696 ‼
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function version_set.
via "National Vulnerability Database".
‼ CVE-2023-22789 ‼
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
via "National Vulnerability Database".
‼ CVE-2023-22784 ‼
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
via "National Vulnerability Database".
‼ CVE-2023-22782 ‼
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
via "National Vulnerability Database".
‼ CVE-2023-29693 ‼
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function set_tftp_upgrad.
via "National Vulnerability Database".
‼ CVE-2023-22788 ‼
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
via "National Vulnerability Database".
‼ CVE-2023-22785 ‼
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
via "National Vulnerability Database".
‼ CVE-2023-0522 ‼
The Enable/Disable Auto Login when Register WordPress plugin through 1.1.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
via "National Vulnerability Database".
‼ CVE-2023-1806 ‼
The WP Inventory Manager WordPress plugin before 2.1.0.12 does not sanitise and escape the message parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators.
via "National Vulnerability Database".
‼ CVE-2023-24408 ‼
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.4 versions.
via "National Vulnerability Database".
‼ CVE-2023-28493 ‼
Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes NewsMag theme <= 2.4.4 versions.
via "National Vulnerability Database".
🕴 Why the 'Why' of a Data Breach Matters 🕴
The motivations of an attacker help establish what protections to put into place to protect assets.
via "Dark Reading".
🕴 Western Digital Confirms Customer Data Stolen in Ransomware Attack 🕴
Company refutes BlackCat claims, saying it still controls digital signature infrastructure.
via "Dark Reading".
‼ CVE-2023-1979 ‼
The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password. The content is then only accessible to website visitors after entering the password. In WordPress, users with the "Author" role can create stories, but don't have the ability to edit password protected stories. The vulnerability allowed users with said role to bypass this permission check when trying to duplicate the protected story in the plugin's own dashboard, giving them access to the seemingly protected content. We recommend upgrading to version 1.32 or beyond commit ad49781c2a35c5c92ef704d4b621ab4e5cb77d68 https://github.com/GoogleForCreators/web-stories-wp/commit/ad49781c2a35c5c92ef704d4b621ab4e5cb77d68
via "National Vulnerability Database".
‼ CVE-2023-2583 ‼
Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3.
via "National Vulnerability Database".
‼ CVE-2023-30837 ‼
Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.
via "National Vulnerability Database".
‼ CVE-2023-30551 ‼
Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds.
via "National Vulnerability Database".
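The Rekor bug above is the general pattern of buffering an attacker-supplied archive member without bounding it first. The following Go program is an added example, not Rekor's code, showing the shape of the fix for the JAR case: a reader for META-INF/* entries that applies a size cap twice, once against the size declared in the zip central directory and once as a hard cap on the bytes actually read, since the declared size is itself attacker-controlled. The 64 KiB limit, the function names and the in-memory test JARs are all assumptions constructed for this example.

```go
package main

import (
	"archive/zip"
	"bytes"
	"errors"
	"fmt"
	"io"
	"strings"
)

// MaxMetaFileSize is the most we are willing to hold in memory for any single
// META-INF entry. The value is an assumption for this example, not Rekor's.
const MaxMetaFileSize int64 = 64 * 1024

// ErrMetaTooLarge is returned when a META-INF entry would exceed the cap.
var ErrMetaTooLarge = errors.New("META-INF entry exceeds size limit")

// ReadMetaInf returns the contents of every regular file under META-INF/ in a
// JAR (a zip archive), refusing to buffer any entry larger than limit bytes.
// Two gates are applied: the size declared in the zip central directory, and
// a hard read cap, because the declared size is attacker-controlled.
func ReadMetaInf(jar []byte, limit int64) (map[string][]byte, error) {
	zr, err := zip.NewReader(bytes.NewReader(jar), int64(len(jar)))
	if err != nil {
		return nil, err
	}
	out := make(map[string][]byte)
	for _, f := range zr.File {
		if !strings.HasPrefix(f.Name, "META-INF/") || strings.HasSuffix(f.Name, "/") {
			continue
		}
		// Gate 1: reject on the declared size before opening the entry.
		if f.UncompressedSize64 > uint64(limit) {
			return nil, fmt.Errorf("%s: declares %d bytes: %w", f.Name, f.UncompressedSize64, ErrMetaTooLarge)
		}
		rc, err := f.Open()
		if err != nil {
			return nil, err
		}
		// Gate 2: read at most limit+1 bytes whatever the header claimed; the
		// extra byte is how we detect an entry that lied about its size.
		data, err := io.ReadAll(io.LimitReader(rc, limit+1))
		rc.Close()
		if err != nil {
			return nil, err
		}
		if int64(len(data)) > limit {
			return nil, fmt.Errorf("%s: exceeds %d bytes: %w", f.Name, limit, ErrMetaTooLarge)
		}
		out[f.Name] = data
	}
	return out, nil
}

// BuildJar assembles an in-memory zip from name -> content pairs. It exists
// only to construct test input for this example.
func BuildJar(entries map[string][]byte) []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	for name, content := range entries {
		w, err := zw.Create(name)
		if err != nil {
			panic(err)
		}
		if _, err := w.Write(content); err != nil {
			panic(err)
		}
	}
	if err := zw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

func main() {
	// Constructed input: a plausible small JAR.
	small := BuildJar(map[string][]byte{
		"META-INF/MANIFEST.MF":   []byte("Manifest-Version: 1.0\n"),
		"com/example/Main.class": bytes.Repeat([]byte{0xCA}, 1000),
	})
	meta, err := ReadMetaInf(small, MaxMetaFileSize)
	fmt.Printf("small jar: %d META-INF entries, err=%v\n", len(meta), err)

	// Constructed input: a 1 MiB manifest of one repeated byte. It deflates
	// to a few KiB, so the JAR stays small on the wire while the entry would
	// expand to the full size in memory if read without a cap.
	big := BuildJar(map[string][]byte{
		"META-INF/MANIFEST.MF": bytes.Repeat([]byte("A"), 1<<20),
	})
	_, err = ReadMetaInf(big, MaxMetaFileSize)
	fmt.Printf("oversized manifest rejected: %v\n", errors.Is(err, ErrMetaTooLarge))
}
```

The second gate matters even though the first catches the constructed case: a hand-built archive can declare a small uncompressed size for a member whose deflate stream expands far beyond it, and `io.LimitReader` is what keeps that from mattering.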
🕴 1M NextGen Patient Records Compromised in Data Breach 🕴
BlackCat ransomware operators reportedly stole the sensitive data. Company says a database was accessed by an "unknown third party" with stolen credentials.
via "Dark Reading".
‼ CVE-2023-30844 ‼
Mutagen provides real-time file synchronization and flexible network forwarding for developers. Prior to versions 0.16.6 and 0.17.1 in `mutagen` and prior to version 0.17.1 in `mutagen-compose`, Mutagen `list` and `monitor` commands are susceptible to control characters that could be provided by remote endpoints. This could cause terminal corruption, either intentional or unintentional, if these characters were present in error messages or file paths/names. This could be used as an attack vector if synchronizing with an untrusted remote endpoint, synchronizing files not under control of the user, or forwarding to/from an untrusted remote endpoint. On very old systems with terminals susceptible to issues such as CVE-2003-0069, the issue could theoretically cause code execution. The problem has been patched in Mutagen v0.16.6 and v0.17.1. Earlier versions of Mutagen are no longer supported and will not be patched. Versions of Mutagen after v0.18.0 will also have the patch merged. As a workaround, avoiding synchronization of untrusted files or interaction with untrusted remote endpoints should mitigate any risk.
via "National Vulnerability Database".
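The Mutagen entry describes the classic problem of echoing remote-controlled strings (file names, error text) to a terminal, where ESC, BEL and the C1 range introduce escape sequences and a bare newline can forge an extra line in a listing. The Go program below is an added example and is not Mutagen's patch: it shows one defensible sanitiser that replaces every C0 control, DEL and C1 control with a visible `\xNN` escape while passing printable non-ASCII through, and a `monitor`-style line formatter that applies it to both the path and the remote error. The function names, line format and sample file names are constructed for this example.

```go
package main

import (
	"fmt"
	"strings"
)

// SanitizeForTerminal makes a string safe to print to a terminal by replacing
// every control character with a visible escape: C0 controls (0x00-0x1F),
// DEL (0x7F) and C1 controls (0x80-0x9F). ESC, BEL, CR and the C1 range are
// how escape sequences are introduced; newline and tab are included so that a
// remote-supplied name cannot fake an extra line or column in a listing.
// Printable non-ASCII text (accented names, CJK, emoji) passes through.
func SanitizeForTerminal(s string) string {
	var b strings.Builder
	b.Grow(len(s))
	for _, r := range s {
		if r < 0x20 || r == 0x7f || (r >= 0x80 && r <= 0x9f) {
			fmt.Fprintf(&b, `\x%02x`, r)
			continue
		}
		b.WriteRune(r)
	}
	return b.String()
}

// FormatSyncEvent renders one line of monitor-style output for a remote path
// and an optional remote-supplied error message, sanitising both before they
// reach the terminal. The line format is invented for this example.
func FormatSyncEvent(path string, remoteErr string) string {
	if remoteErr == "" {
		return "synced " + SanitizeForTerminal(path)
	}
	return "error  " + SanitizeForTerminal(path) + ": " + SanitizeForTerminal(remoteErr)
}

func main() {
	// Constructed sample names as an untrusted endpoint might supply them.
	samples := []string{
		"notes.md",
		"résumé.txt",
		"\x1b]0;owned\x07report.txt",  // OSC sequence: retitle the terminal window
		"\x1b[2J\x1b[Hall-clear.log",  // CSI sequence: clear screen, home cursor
		"fake\nsynced important.doc",  // newline forges a second, bogus line
		"\u0085c1-control.bin",        // NEL, a C1 control character
	}
	for _, s := range samples {
		fmt.Println(FormatSyncEvent(s, ""))
	}
	// A remote error message carrying colour codes is neutralised the same way.
	fmt.Println(FormatSyncEvent("a.txt", "\x1b[31mpermission denied\x1b[0m"))
}
```

Escaping rather than stripping is deliberate: a stripped name silently loses information and can collide with another name, whereas `\x1b` in the output tells the operator exactly what the remote side sent.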