βΌ CVE-2023-21102 βΌ
π Read
via "National Vulnerability Database".
In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-260821414References: Upstream kernelπ Read
via "National Vulnerability Database".
βΌ CVE-2023-21106 βΌ
π Read
via "National Vulnerability Database".
In adreno_set_param of adreno_gpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-265016072References: Upstream kernelπ Read
via "National Vulnerability Database".
βΌ CVE-2023-20695 βΌ
π Read
via "National Vulnerability Database".
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only); Issue ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only).π Read
via "National Vulnerability Database".
βΌ CVE-2023-20717 βΌ
π Read
via "National Vulnerability Database".
In vcu, there is a possible leak of dma buffer due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645185; Issue ID: ALPS07645185.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21118 βΌ
π Read
via "National Vulnerability Database".
In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-269014004π Read
via "National Vulnerability Database".
βΌ CVE-2023-21104 βΌ
π Read
via "National Vulnerability Database".
In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-259938771π Read
via "National Vulnerability Database".
βΌ CVE-2023-20707 βΌ
π Read
via "National Vulnerability Database".
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628556; Issue ID: ALPS07628556.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20704 βΌ
π Read
via "National Vulnerability Database".
In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767826; Issue ID: ALPS07767826.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2708 βΌ
π Read
via "National Vulnerability Database".
The Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Γ’β¬Λsearch_termΓ’β¬β’ parameter in versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2710 βΌ
π Read
via "National Vulnerability Database".
The video carousel slider with lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-29961 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to stack overflow via /goform/formTcpipSetup,π Read
via "National Vulnerability Database".
βΌ CVE-2023-23709 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Denis WPJAM Basic plugin <=Γ 6.2.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23703 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Arconix Shortcodes plugin <=Γ 2.1.7 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23657 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Richard Leishman t/a Webforward Mail Subscribe List plugin <=Γ 2.1.9 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23720 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NetReviews SAS Verified Reviews (Avis VΓΒ©rifiΓΒ©s) plugin <=Γ 2.3.13 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23641 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPmanage Uji Popup plugin <=Γ 1.4.3 versions.π Read
via "National Vulnerability Database".
π’ Is the new .zip top-level domain a cyber security risk? π’
π Read
via "ITPro".
While some experts have branded the new domain βunnecessaryβ, others dispute its usefulness for attacks π Read
via "ITPro".
Cloud Pro
Is the new .zip top-level domain a cyber security risk?
While some experts have branded the new domain βunnecessaryβ, others dispute its usefulness for attacks
βοΈ Re-Victimization from Police-Auctioned Cell Phones βοΈ
π Read
via "Krebs on Security".
Countless smartphones seized in arrests and searches by police forces across the United States are being auctioned online without first having the data on them erased, a practice that can lead to crime victims being re-victimized, a new study found. In response, the largest online marketplace for items seized in U.S. law enforcement investigations says it now ensures that all phones sold through its platform will be data-wiped prior to auction.π Read
via "Krebs on Security".
Krebs on Security
Re-Victimization from Police-Auctioned Cell Phones
Countless smartphones seized in arrests and searches by police forces across the United States are being auctioned online without first having the data on them erased, a practice that can lead to crime victims being re-victimized, a new study found.β¦
π΄ 4 Big Mistakes to Avoid in OT Incident Response π΄
π Read
via "Dark Reading".
What works in IT may not in an operational technology/industrial control systems environment where availability and safety of operations must be maintained.π Read
via "Dark Reading".
Dark Reading
4 Big Mistakes to Avoid in OT Incident Response
What works in IT may not in an operational technology/industrial control systems environment where availability and safety of operations must be maintained.
βΌ CVE-2023-2730 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.π Read
via "National Vulnerability Database".
π΄ Severe RCE Bugs Open Thousands of Industrial IoT Devices to Cyberattack π΄
π Read
via "Dark Reading".
Researchers found 11 vulnerabilities in products from three industrial cellular router vendors that attackers can exploit through various vectors, bypassing all security layers.π Read
via "Dark Reading".
Dark Reading
Severe RCE Bugs Open Thousands of Industrial IoT Devices to Cyberattack
Researchers found 11 vulnerabilities in products from three industrial cellular router vendors that attackers can exploit through various vectors, bypassing all security layers.