βΌ CVE-2023-30789 βΌ
π Read
via "National Vulnerability Database".
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/work` endpoint and job and company parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22813 βΌ
π Read
via "National Vulnerability Database".
A device API endpoint was missing access controls onΓ Western Digital My Cloud OS 5 Mobile App on Android, iOS, Western Digital My Cloud Home Mobile App on iOS, Android, SanDIsk ibi Mobile App on Android, iOS, Western Digital WD Cloud Mobile App on Android, iOS, Western Digital My Cloud OS 5 Web App, Western Digital My Cloud Home Web App, SanDisk ibi Web App and the Western Digital WD Web App.Γ Due to a permissive CORS policy and missing authentication requirement for private IPs, a remote attacker on the same network as the device could obtain device information by convincing a victim user to visit an attacker-controlled server and issue a cross-site request.This issue affects My Cloud OS 5 Mobile App: through 4.21.0; My Cloud Home Mobile App: through 4.21.0; ibi Mobile App: through 4.21.0; WD Cloud Mobile App: through 4.21.0; My Cloud OS 5 Web App: through 4.26.0-6126; My Cloud Home Web App: through 4.26.0-6126; ibi Web App: through 4.26.0-6126; WD Web App: through 4.26.0-6126.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23894 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Surbma Surbma | GDPR Proof Cookie Consent & Notice Bar plugin <=Γ 17.5.3 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24376 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityΓ in Nico Graff WP Simple Events plugin <=Γ 1.0 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22710 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in chilidevs Return and Warranty Management System for WooCommerce plugin <=Γ 1.2.3 versions.π Read
via "National Vulnerability Database".
π΄ New Bazel Ruleset Helps Developers Build Secure Container Images π΄
π Read
via "Dark Reading".
A new ruleset from Bazel, an open source build and test tool from Google, allows developers to create Docker images and generate software bills of materials about what is inside the containers.π Read
via "Dark Reading".
Dark Reading
New Bazel Ruleset Helps Developers Build Secure Container Images
A new ruleset from Bazel, an open source build and test tool from Google, allows developers to create Docker images and generate software bills of materials about what is inside the containers.
βΌ CVE-2022-47490 βΌ
π Read
via "National Vulnerability Database".
In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47494 βΌ
π Read
via "National Vulnerability Database".
In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48235 βΌ
π Read
via "National Vulnerability Database".
In MP3 encoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44283 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow in the component /Enclave.cpp of Electronics and Telecommunications Research Institute ShieldStore commit 58d455617f99705f0ffd8a27616abdf77bdc1bdc allows attackers to cause an information leak via a crafted structure from an untrusted operating system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48239 βΌ
π Read
via "National Vulnerability Database".
In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4537 βΌ
π Read
via "National Vulnerability Database".
The Hide My WP Ghost Γ’β¬β Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.0.18. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address from logging in.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44420 βΌ
π Read
via "National Vulnerability Database".
In modem, there is a possible missing verification of HashMME value in Security Mode Command. This could local denial of service with no additional execution privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44433 βΌ
π Read
via "National Vulnerability Database".
In phoneEx service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31239 βΌ
π Read
via "National Vulnerability Database".
An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47334 βΌ
π Read
via "National Vulnerability Database".
In phasecheck server, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48234 βΌ
π Read
via "National Vulnerability Database".
In FM service , there is a possible missing params check. This could lead to local denial of service in FM service .π Read
via "National Vulnerability Database".
βΌ CVE-2022-47487 βΌ
π Read
via "National Vulnerability Database".
In thermal service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service local denial of service with no additional execution privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48244 βΌ
π Read
via "National Vulnerability Database".
In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48243 βΌ
π Read
via "National Vulnerability Database".
In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44419 βΌ
π Read
via "National Vulnerability Database".
In modem, there is a possible missing verification of NAS Security Mode Command Replay Attacks in LTE. This could local denial of service with no additional execution privileges.π Read
via "National Vulnerability Database".