‼ CVE-2023-2697 ‼
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. Affected is an unknown function of the file /jurusan/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-228978 is the identifier assigned to this vulnerability.
‼ CVE-2023-2699 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in SourceCodester Lost and Found Information System 1.0. Affected by this issue is some unknown functionality of the file admin/?page=items/view_item of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228980.
‼ CVE-2023-2698 ‼
via "National Vulnerability Database".
A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=items/manage_item of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228979.
‼ CVE-2023-32758 ‼
via "National Vulnerability Database".
giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep through 1.21.0, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package (for example, to check whether it accesses any Git repository at an http:// URL), and that package's author placed a ReDoS attack payload in a URL used by the package.
‼ CVE-2023-22318 ‼
via "National Vulnerability Database".
Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5.
‼ CVE-2023-32784 ‼
via "National Vulnerability Database".
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.
‼ CVE-2023-1698 ‼
via "National Vulnerability Database".
In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.
VMware's ESXi security issues spur new ransomware gang into action
via "ITPro".
The popularity of ESXi combined with a lack of security tools makes it an "attractive target" for threat actors
‼ CVE-2023-23449 ‼
via "National Vulnerability Database".
Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames by analyzing challenge responses from the server via the REST interface.
‼ CVE-2022-47387 ‼
via "National Vulnerability Database".
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
‼ CVE-2023-23447 ‼
via "National Vulnerability Database".
Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to influence the availability of the webserver by invoking several open file requests via the REST interface.
‼ CVE-2022-47378 ‼
via "National Vulnerability Database".
Multiple CODESYS products in multiple versions are prone to an improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition.
‼ CVE-2022-22508 ‼
via "National Vulnerability Database".
Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type.
‼ CVE-2023-23448 ‼
via "National Vulnerability Database".
Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames via analysis of source code.
‼ CVE-2023-31409 ‼
via "National Vulnerability Database".
Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to influence the availability of the webserver by invoking a Slowloris style attack via HTTP requests.
‼ CVE-2023-22684 ‼
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Subscribers.Com Subscribers plugin <= 1.5.3 versions.
‼ CVE-2022-47390 ‼
via "National Vulnerability Database".
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
‼ CVE-2022-47393 ‼
via "National Vulnerability Database".
An authenticated, remote attacker may use an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service situation.
‼ CVE-2023-23445 ‼
via "National Vulnerability Database".
Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using a therefore unprivileged account via the REST interface.
‼ CVE-2022-47388 ‼
via "National Vulnerability Database".
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
‼ CVE-2022-47385 ‼
via "National Vulnerability Database".
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.