‼ CVE-2023-32306 ‼
via "National Vulnerability Database".
Time Tracker is an open source time tracking system. A time-based blind injection vulnerability existed in Time Tracker reports in versions prior to 1.22.13.5792. This was happening because the `reports.php` page was not validating all parameters in POST requests. Because some parameters were not checked, it was possible to craft POST requests with malicious SQL for Time Tracker database. This issue is fixed in version 1.22.13.5792. As a workaround, use the fixed code in `ttReportHelper.class.php` from version 1.22.13.5792.
‼ CVE-2023-32305 ‼
via "National Vulnerability Database".
aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the aiven-extras extension. A low privileged user can create objects that collide with existing function names, which will then be executed instead. Exploiting this vulnerability could allow a low privileged user to acquire `superuser` privileges, which would allow full, unrestricted access to all data and database functions, and could lead to arbitrary code execution or data access on the underlying host as the `postgres` user. The issue has been patched as of version 1.1.9.
‼ CVE-2023-30247 ‼
via "National Vulnerability Database".
A file upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter.
‼ CVE-2023-25927 ‼
via "National Vulnerability Database".
IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635.
‼ CVE-2023-27863 ‼
via "National Vulnerability Database".
IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. IBM X-Force ID: 249325.
‼ CVE-2023-2458 ‼
via "National Vulnerability Database".
Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: High)
🕴 WordPress Plugin Used in 1M+ Websites Patched to Close Critical Bug 🕴
via "Dark Reading".
The privilege escalation flaw is one in thousands that researchers have disclosed in recent years.
‼ CVE-2023-20880 ‼
via "National Vulnerability Database".
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
‼ CVE-2023-25005 ‼
via "National Vulnerability Database".
A maliciously crafted DLL file can force Autodesk InfraWorks 2023 and 2021 to read beyond allocated boundaries when parsing DLL files, which could lead to a resource injection vulnerability.
‼ CVE-2023-20878 ‼
via "National Vulnerability Database".
VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system.
‼ CVE-2023-20879 ‼
via "National Vulnerability Database".
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.
‼ CVE-2023-20877 ‼
via "National Vulnerability Database".
VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.
‼ CVE-2023-25008 ‼
via "National Vulnerability Database".
A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds read vulnerability which could result in code execution.
‼ CVE-2023-2088 ‼
via "National Vulnerability Database".
A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.
‼ CVE-2023-25006 ‼
via "National Vulnerability Database".
A malicious actor may convince a user to open a malicious USD file that may trigger a use-after-free vulnerability which could result in code execution.
‼ CVE-2023-25007 ‼
via "National Vulnerability Database".
A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution.
‼ CVE-2023-25009 ‼
via "National Vulnerability Database".
A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds write vulnerability which could result in code execution.
‼ CVE-2023-32303 ‼
via "National Vulnerability Database".
Planet is software that provides satellite data. The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but before version 2.0.1, its permissions allowed the user's group and non-group to read the file as well. This issue was patched in version 2.0.1. As a workaround, set the secret file permissions to only user read/write by hand.
‼ CVE-2023-2181 ‼
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI.
‼ CVE-2023-1096 ‼
via "National Vulnerability Database".
SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user.
‼ CVE-2023-2690 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in SourceCodester Personnel Property Equipment System 1.0. This issue affects some unknown processing of the file admin/returned_reuse_form.php of the component GET Parameter Handler. The manipulation of the argument client_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228971.