βΌ CVE-2023-31979 βΌ
π Read
via "National Vulnerability Database".
Catdoc v0.95 was discovered to contain a global buffer overflow via the function process_file at /src/reader.c.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31134 βΌ
π Read
via "National Vulnerability Database".
Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing Tauri window to an external website. This is either possible by an application implementing a feature for users to visitarbitrary websites or due to a bug allowing the open redirect. This allows the external website access to the IPC layer and therefore to all configured and exposed Tauri API endpoints and application specific implemented Tauri commands. This issue has been patched in versions 1.0.9, 1.1.4, and 1.2.5. As a workaround, prevent arbitrary input in redirect features and/or only allow trusted websites access to the IPC.π Read
via "National Vulnerability Database".
β Low-level motherboard security keys leaked in MSI breach, claim researchers β
π Read
via "Naked Security".
What can you do if someone steals your keys but you can't change the lock? We explain the dilemma in plain English.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ The Problem of Old Vulnerabilities β and What to Do About It π΄
π Read
via "Dark Reading".
The vulnerabilities most often exploited by ransomware attackers are already known to us.π Read
via "Dark Reading".
Dark Reading
The Problem of Old Vulnerabilities β and What to Do About It
The vulnerabilities most often exploited by ransomware attackers are already known to us.
βΌ CVE-2020-23362 βΌ
π Read
via "National Vulnerability Database".
Insecure Permissons vulnerability found in Shop_CMS YerShop all versions allows a remote attacker to escalate privileges via the cover_id parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23363 βΌ
π Read
via "National Vulnerability Database".
Cross Site Request Forgery (CSRF) vulnerability found in Verytops Verydows all versions that allows an attacker to execute arbitrary code via a crafted script.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31807 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30085 βΌ
π Read
via "National Vulnerability Database".
Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the cws2fws function in util/decompile.c.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31799 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the system annnouncements parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-18280 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability found in Phodal CMD v.1.0 allows a local attacker to execute arbitrary code via the EMBED SRC function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32066 βΌ
π Read
via "National Vulnerability Database".
Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1.22.11.5782 and prior was not escaping titles for notes in week view table. Because of that, it was possible for a logged in user to enter notes with elements of JavaScript. Such script could then be executed in user browser on subsequent requests to week view. This issue is fixed in version 1.22.12.5783. As a workaround, use `htmlspecialchars` when calling `$field->setTitle` on line #245 in the `week.php` file, as happens in version 1.22.12.5783.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25830 βΌ
π Read
via "National Vulnerability Database".
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victimΓ’β¬β’s browser.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31490 βΌ
π Read
via "National Vulnerability Database".
An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30088 βΌ
π Read
via "National Vulnerability Database".
An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25834 βΌ
π Read
via "National Vulnerability Database".
Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30087 βΌ
π Read
via "National Vulnerability Database".
Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk_string function in mjs.c.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32071 βΌ
π Read
via "National Vulnerability Database".
XWiki Platform is a generic wiki platform. Starting in versions 2.2-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, it's possible to execute javascript with the right of any user by leading him to a special URL on the wiki targeting a page which contains an attachment. This has been patched in XWiki 15.0-rc-1, 14.10.4, and 14.4.8. The easiest possible workaround is to edit file `<xwiki app>/templates/importinline.vm` and apply the modification described in commit 28905f7f518cc6f21ea61fe37e9e1ed97ef36f01.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31801 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31240 βΌ
π Read
via "National Vulnerability Database".
An issue found in libming v.0.4.8 allows a local attacker to execute arbitrary code via the parseSWF_IMPORTASSETS function in the parser.c file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30083 βΌ
π Read
via "National Vulnerability Database".
Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the newVar_N in util/decompile.c.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31802 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters.π Read
via "National Vulnerability Database".