βΌ CVE-2023-25006 βΌ
π Read
via "National Vulnerability Database".
A malicious actor may convince a user to open a malicious USD file that may trigger a use-after-free vulnerability which could result in code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25007 βΌ
π Read
via "National Vulnerability Database".
A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25009 βΌ
π Read
via "National Vulnerability Database".
A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds write vulnerability which could result in code execution.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-32303 βΌ
π Read
via "National Vulnerability Database".
Planet is software that provides satellite data. The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but before version 2.0.1, its permissions allowed the user's group and non-group to read the file as well. This issue was patched in version 2.0.1. As a workaround, set the secret file permissions to only user read/write by hand.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2181 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1096 βΌ
π Read
via "National Vulnerability Database".
SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2690 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in SourceCodester Personnel Property Equipment System 1.0. This issue affects some unknown processing of the file admin/returned_reuse_form.php of the component GET Parameter Handler. The manipulation of the argument client_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228971.π Read
via "National Vulnerability Database".
π₯1
βΌ CVE-2023-2691 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in SourceCodester Personnel Property Equipment System 1.0. Affected is an unknown function of the file admin/add_item.php of the component POST Parameter Handler. The manipulation of the argument item_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228972.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2693 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Online Exam System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /mahasiswa/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228974 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2692 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester ICT Laboratory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file views/room_info.php of the component GET Parameter Handler. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228973 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2689 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in SourceCodester Billing Management System 1.0. This vulnerability affects unknown code of the file editproduct.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228970 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2697 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. Affected is an unknown function of the file /jurusan/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-228978 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2699 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in SourceCodester Lost and Found Information System 1.0. Affected by this issue is some unknown functionality of the file admin/?page=items/view_item of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228980.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2698 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=items/manage_item of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228979.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-32758 βΌ
π Read
via "National Vulnerability Database".
giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep through 1.21.0, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package (for example, to check whether it accesses any Git repository at an http:// URL), and that package's author placed a ReDoS attack payload in a URL used by the package.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22318 βΌ
π Read
via "National Vulnerability Database".
Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32784 βΌ
π Read
via "National Vulnerability Database".
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1698 βΌ
π Read
via "National Vulnerability Database".
In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.π Read
via "National Vulnerability Database".
π’ VMwareβs ESXi security issues spur new ransomware gang into action π’
π Read
via "ITPro".
The popularity of ESXi combined with a lack of security tools makes it an βattractive targetβ for threat actors π Read
via "ITPro".
ITPro
VMwareβs ESXi security issues spur new ransomware gang into action
The popularity of ESXi combined with a lack of security tools makes it an βattractive targetβ for threat actors
βΌ CVE-2023-23449 βΌ
π Read
via "National Vulnerability Database".
Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attackerto gain information about valid usernames by analyzing challenge responses from the server via theREST interface.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47387 βΌ
π Read
via "National Vulnerability Database".
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can leadΓ to a denial-of-service condition, memory overwriting, or remote code execution.π Read
via "National Vulnerability Database".