βΌ CVE-2021-46792 βΌ
π Read
via "National Vulnerability Database".
Time-of-check Time-of-use (TOCTOU) in theBIOS2PSP command may allow an attacker with a malicious BIOS to create a racecondition causing the ASP bootloader to perform out-of-bounds SRAM reads uponan S3 resume event potentially leading to a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30057 βΌ
π Read
via "National Vulnerability Database".
Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Origination Manager Decision Module 4.8.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30056 βΌ
π Read
via "National Vulnerability Database".
A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46794 βΌ
π Read
via "National Vulnerability Database".
Insufficient bounds checking in ASP (AMD SecureProcessor) may allow for an out of bounds read in SMI (System ManagementInterface) mailbox checksum calculation triggering a data abort, resulting in apotential denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46756 βΌ
π Read
via "National Vulnerability Database".
Insufficient validation of inputs inSVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow anattacker with a malicious Uapp or ABL to send malformed or invalid syscall tothe bootloader resulting in a potential denial of service and loss ofintegrity.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46773 βΌ
π Read
via "National Vulnerability Database".
Insufficient input validation in ABL may enablea privileged attacker to corrupt ASP memory, potentially resulting in a loss ofintegrity or code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46765 βΌ
π Read
via "National Vulnerability Database".
Insufficient input validation in ASP may allowan attacker with a compromised SMM to induce out-of-bounds memory reads withinthe ASP, potentially leading to a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25832 βΌ
π Read
via "National Vulnerability Database".
There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions.Γ π Read
via "National Vulnerability Database".
βΌ CVE-2023-25831 βΌ
π Read
via "National Vulnerability Database".
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victimΓ’β¬β’s browser.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28126 βΌ
π Read
via "National Vulnerability Database".
An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28316 βΌ
π Read
via "National Vulnerability Database".
A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. This could potentially allow an attacker to maintain access to a compromised account even after 2FA is enabled.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28318 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Message_ShowDeletedStatus server configuration. This allows users to bypass the intended message deletion behavior, hiding messages and deletion notices.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2610 βΌ
π Read
via "National Vulnerability Database".
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28317 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display messages in an incorrect order.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2156 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28128 βΌ
π Read
via "National Vulnerability Database".
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28125 βΌ
π Read
via "National Vulnerability Database".
An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the server and perform an authentication bypass.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31478 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28127 βΌ
π Read
via "National Vulnerability Database".
A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure.π Read
via "National Vulnerability Database".
βοΈ Microsoft Patch Tuesday, May 2023 Edition βοΈ
π Read
via "Krebs on Security".
Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks.π Read
via "Krebs on Security".
Krebs on Security
Microsoft Patch Tuesday, May 2023 Edition
Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks.
βΌ CVE-2023-25833 βΌ
π Read
via "National Vulnerability Database".
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victimΓ’β¬β’s browser (no stateful change made or customer data rendered).π Read
via "National Vulnerability Database".