‼ CVE-2023-20879 ‼
📖 Read
via "National Vulnerability Database".
VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20877 ‼
📖 Read
via "National Vulnerability Database".
VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25008 ‼
📖 Read
via "National Vulnerability Database".
A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds read vulnerability which could result in code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2088 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25006 ‼
📖 Read
via "National Vulnerability Database".
A malicious actor may convince a user to open a malicious USD file that may trigger a use-after-free vulnerability which could result in code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25007 ‼
📖 Read
via "National Vulnerability Database".
A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25009 ‼
📖 Read
via "National Vulnerability Database".
A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds write vulnerability which could result in code execution.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2023-32303 ‼
📖 Read
via "National Vulnerability Database".
Planet is software that provides satellite data. The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but before version 2.0.1, its permissions allowed the user's group and non-group to read the file as well. This issue was patched in version 2.0.1. As a workaround, set the secret file permissions to only user read/write by hand.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2181 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1096 ‼
📖 Read
via "National Vulnerability Database".
SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2690 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in SourceCodester Personnel Property Equipment System 1.0. This issue affects some unknown processing of the file admin/returned_reuse_form.php of the component GET Parameter Handler. The manipulation of the argument client_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228971.📖 Read
via "National Vulnerability Database".
🔥1
‼ CVE-2023-2691 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in SourceCodester Personnel Property Equipment System 1.0. Affected is an unknown function of the file admin/add_item.php of the component POST Parameter Handler. The manipulation of the argument item_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228972.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2693 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Online Exam System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /mahasiswa/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228974 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2692 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester ICT Laboratory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file views/room_info.php of the component GET Parameter Handler. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228973 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2689 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in SourceCodester Billing Management System 1.0. This vulnerability affects unknown code of the file editproduct.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228970 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2697 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. Affected is an unknown function of the file /jurusan/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-228978 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2699 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in SourceCodester Lost and Found Information System 1.0. Affected by this issue is some unknown functionality of the file admin/?page=items/view_item of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228980.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2698 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=items/manage_item of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228979.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2023-32758 ‼
📖 Read
via "National Vulnerability Database".
giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep through 1.21.0, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package (for example, to check whether it accesses any Git repository at an http:// URL), and that package's author placed a ReDoS attack payload in a URL used by the package.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22318 ‼
📖 Read
via "National Vulnerability Database".
Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32784 ‼
📖 Read
via "National Vulnerability Database".
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.📖 Read
via "National Vulnerability Database".