βΌ CVE-2023-25832 βΌ
π Read
via "National Vulnerability Database".
There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions.Γ π Read
via "National Vulnerability Database".
βΌ CVE-2023-25831 βΌ
π Read
via "National Vulnerability Database".
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victimΓ’β¬β’s browser.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28126 βΌ
π Read
via "National Vulnerability Database".
An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28316 βΌ
π Read
via "National Vulnerability Database".
A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. This could potentially allow an attacker to maintain access to a compromised account even after 2FA is enabled.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28318 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Message_ShowDeletedStatus server configuration. This allows users to bypass the intended message deletion behavior, hiding messages and deletion notices.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2610 βΌ
π Read
via "National Vulnerability Database".
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28317 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display messages in an incorrect order.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2156 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28128 βΌ
π Read
via "National Vulnerability Database".
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28125 βΌ
π Read
via "National Vulnerability Database".
An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the server and perform an authentication bypass.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31478 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28127 βΌ
π Read
via "National Vulnerability Database".
A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure.π Read
via "National Vulnerability Database".
βοΈ Microsoft Patch Tuesday, May 2023 Edition βοΈ
π Read
via "Krebs on Security".
Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks.π Read
via "Krebs on Security".
Krebs on Security
Microsoft Patch Tuesday, May 2023 Edition
Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks.
βΌ CVE-2023-25833 βΌ
π Read
via "National Vulnerability Database".
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victimΓ’β¬β’s browser (no stateful change made or customer data rendered).π Read
via "National Vulnerability Database".
βΌ CVE-2022-36330 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code executionΓ in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their privileges in order to exploit this buffer overflow vulnerability.This issue affects My Cloud Home and My Cloud Home Duo: through 9.4.0-191; ibi: through 9.4.0-191.Γ π Read
via "National Vulnerability Database".
βΌ CVE-2023-30777 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <=Γ 6.1.5 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22361 βΌ
π Read
via "National Vulnerability Database".
Improper privilege management vulnerability in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier allows a remote authenticated attacker to alter a WebUI password of the product.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27385 βΌ
π Read
via "National Vulnerability Database".
Heap-based buffer overflow vulnerability exists in CX-Drive All models V3.01 and earlier. By having a user open a specially crafted SDD file, arbitrary code may be executed and/or information may be disclosed.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32570 βΌ
π Read
via "National Vulnerability Database".
VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24392 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Full Width Banner Slider Wp plugin <=Γ 1.1.7 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27889 βΌ
π Read
via "National Vulnerability Database".
Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations by having a user view a malicious page.π Read
via "National Vulnerability Database".