βΌ CVE-2023-31161 βΌ
π Read
via "National Vulnerability Database".
AnΓ Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow an authenticated remote attacker to use internal resources, allowing a variety of potential effects.See SEL Service Bulletin dated 2022-11-15 for more details.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31154 βΌ
π Read
via "National Vulnerability Database".
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31156 βΌ
π Read
via "National Vulnerability Database".
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31158 βΌ
π Read
via "National Vulnerability Database".
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31165 βΌ
π Read
via "National Vulnerability Database".
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31166 βΌ
π Read
via "National Vulnerability Database".
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.See SEL Service Bulletin dated 2022-11-15 for more details.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45345 βΌ
π Read
via "National Vulnerability Database".
Buffer Overflow vulnerability found in En3rgy WebcamServer v.0.5.2 allows a remote attacker to cause a denial of service via the WebcamServer.exe file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31159 βΌ
π Read
via "National Vulnerability Database".
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31163 βΌ
π Read
via "National Vulnerability Database".
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31151 βΌ
π Read
via "National Vulnerability Database".
An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interfacecould allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack.See SEL Service Bulletin dated 2022-11-15 for more details.π Read
via "National Vulnerability Database".
π΄ Coalfire Compliance Report Unveils the Next Horizon in Compliance π΄
π Read
via "Dark Reading".
Compliance automation now mission critical to managing and monetizing multiple frameworks.π Read
via "Dark Reading".
Dark Reading
Coalfire Compliance Report Unveils the Next Horizon in Compliance
Compliance automation now mission critical to managing and monetizing multiple frameworks.
βΌ CVE-2022-29841 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerabilityΓ that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggered by an attacker remotely to cause code execution and gain a reverse shellΓ in Western Digital My Cloud OS 5 devices.This issue affects My Cloud OS 5: before 5.26.119.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29840 βΌ
π Read
via "National Vulnerability Database".
Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This issue affects My Cloud OS 5 devices before 5.26.202.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29986 βΌ
π Read
via "National Vulnerability Database".
spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEndpoint.view.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31442 βΌ
π Read
via "National Vulnerability Database".
In Lightbend Akka before 2.8.1, the async-dns resolver (used by Discovery in DNS mode and transitively by Cluster Bootstrap) uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker. If the application performing discovery does not validate (e.g., via TLS) the authenticity of the discovered service, this may result in exfiltration of application data (e.g., persistence events may be published to an unintended Kafka broker). If such validation is performed, then the poisoning constitutes a denial of access to the intended service. This affects Akka 2.5.14 through 2.8.0, and Akka Discovery through 2.8.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30172 βΌ
π Read
via "National Vulnerability Database".
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31477 βΌ
π Read
via "National Vulnerability Database".
A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction to limit sharing to the USB path.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32668 βΌ
π Read
via "National Vulnerability Database".
LuaTeX before 1.17.0 enables the socket library by default.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2644 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in DigitalPersona FPSensor 1.0.0.1. This issue affects some unknown processing of the file C:\Program Files (x86)\FPSensor\bin\DpHost.exe. The manipulation leads to unquoted search path. Attacking locally is a requirement. The identifier VDB-228773 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2641 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Online Internship Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/login.php of the component POST Parameter Handler. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228770 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2648 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".