โผ CVE-2023-30768 โผ
๐ Read
via "National Vulnerability Database".
Improper access control in the Intel(R) Server Board S2600WTT belonging to the Intel(R) Server Board S2600WT Family with the BIOS version 0016 may allow a privileged user to potentially enable escalation of privilege via local access.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-29242 โผ
๐ Read
via "National Vulnerability Database".
Improper access control for Intel(R) oneAPI Toolkits before version 2021.1 Beta 10 may allow an authenticated user to potentially enable escalation of privilege via local access.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-31197 โผ
๐ Read
via "National Vulnerability Database".
Uncontrolled search path in the Intel(R) Trace Analyzer and Collector before version 2020 update 3 may allow an authenticated user to potentially enable escalation of privilege via local access.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-31922 โผ
๐ Read
via "National Vulnerability Database".
QuickJS commit 2788d71 was discovered to contain a stack-overflow via the component js_proxy_isArray at quickjs.c.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-31199 โผ
๐ Read
via "National Vulnerability Database".
Improper access control in the Intel(R) Solid State Drive Toolbox(TM) before version 3.4.5 may allow a privileged user to potentially enable escalation of privilege via local access.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-27823 โผ
๐ Read
via "National Vulnerability Database".
An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-31914 โผ
๐ Read
via "National Vulnerability Database".
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain out-of-memory issue in malloc.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-47880 โผ
๐ Read
via "National Vulnerability Database".
An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users with permissions to modify database connections to disclose a connections' cleartext password via the 'test connection' function.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-30763 โผ
๐ Read
via "National Vulnerability Database".
Heap-based overflow in Intel(R) SoC Watch based software before version 2021.1 may allow a privileged user to potentially enable escalation of privilege via local access.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-31918 โผ
๐ Read
via "National Vulnerability Database".
Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the parser_parse_function_arguments at jerry-core/parser/js/js-parser.c.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-1934 โผ
๐ Read
via "National Vulnerability Database".
The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers to engage with the underlying database seamlessly and passively. Consequently, malicious actors could gain access to vital information, such as Industrial Control System (ICS) and OT data, alongside other sensitive records like SMS and SMS Logs. The unauthorized database access exposes compromised systems to potential manipulation or breach of essential infrastructure data, highlighting the severity of this vulnerability.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-31920 โผ
๐ Read
via "National Vulnerability Database".
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the vm_loop at jerry-core/vm/vm.c.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-23867 โผ
๐ Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gautam Thapar Button Builder รขโฌโ Buttons X plugin <=ร 0.8.6 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-31921 โผ
๐ Read
via "National Vulnerability Database".
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-32081 โผ
๐ Read
via "National Vulnerability Database".
Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. From versions 3.1.0 until 3.9.16 and 4.0.0 until 4.4.2, a Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a successful CONNECTED frame. The client can subscribe to a destination or publish message without prior authentication. Any Vert.x STOMP server configured with an authentication handler is impacted. The issue is patched in Vert.x 3.9.16 and 4.4.2. There are no trivial workarounds.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-47879 โผ
๐ Read
via "National Vulnerability Database".
A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP classes from the 'rtn' directory and execute its methods.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-31913 โผ
๐ Read
via "National Vulnerability Database".
Jerryscript 3.0 *commit 1a2c047) was discovered to contain an Assertion Failure via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-31916 โผ
๐ Read
via "National Vulnerability Database".
Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the jmem_heap_finalize at jerry-core/jmem/jmem-heap.c.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-32073 โผ
๐ Read
via "National Vulnerability Database".
WWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at `plugin/CloneSite/cloneClient.json.php` which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854, which affects WWBN AVideo up to version 12.3. This issue is patched in commit 1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-31919 โผ
๐ Read
via "National Vulnerability Database".
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the jcontext_raise_exception at jerry-core/jcontext/jcontext.c.๐ Read
via "National Vulnerability Database".
โ Whodunnit? Cybercrook gets 6 years for ransoming his own employer โ
๐ Read
via "Naked Security".
Not just an active adversary, but a two-faced one, too.๐ Read
via "Naked Security".
Naked Security
Whodunnit? Cybercrook gets 6 years for ransoming his own employer
Not just an active adversary, but a two-faced one, too.