‼ CVE-2023-30506 ‼
📖 Read
via "National Vulnerability Database".
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2633 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-30504 ‼
📖 Read
via "National Vulnerability Database".
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2726 ‼
📖 Read
via "National Vulnerability Database".
Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium)📖 Read
via "National Vulnerability Database".
‼ CVE-2023-30507 ‼
📖 Read
via "National Vulnerability Database".
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2723 ‼
📖 Read
via "National Vulnerability Database".
Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2725 ‼
📖 Read
via "National Vulnerability Database".
Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)📖 Read
via "National Vulnerability Database".
‼ CVE-2023-30501 ‼
📖 Read
via "National Vulnerability Database".
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-30502 ‼
📖 Read
via "National Vulnerability Database".
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2631 ‼
📖 Read
via "National Vulnerability Database".
A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-30510 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remote authenticated users to issue arbitrary URL requests from the Aruba EdgeConnect Enterprise instance. The impact of this vulnerability is limited to a subset of URLs which can result in the possible disclosure of data due to the network position of the Aruba EdgeConnect Enterprise instance.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2722 ‼
📖 Read
via "National Vulnerability Database".
Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)📖 Read
via "National Vulnerability Database".
‼ CVE-2023-30508 ‼
📖 Read
via "National Vulnerability Database".
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2195 ‼
📖 Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2724 ‼
📖 Read
via "National Vulnerability Database".
Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2721 ‼
📖 Read
via "National Vulnerability Database".
Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)📖 Read
via "National Vulnerability Database".
‼ CVE-2023-30509 ‼
📖 Read
via "National Vulnerability Database".
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2632 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-30503 ‼
📖 Read
via "National Vulnerability Database".
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-30505 ‼
📖 Read
via "National Vulnerability Database".
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.📖 Read
via "National Vulnerability Database".
🕴 XM Cyber Announces Partnership With SAP to Deliver Robust Security for Hybrid Environments 🕴
📖 Read
via "Dark Reading".
Partnership will provide SAP customers with comprehensive exposure management capabilities and in-depth visibility of attack surfaces.📖 Read
via "Dark Reading".
Dark Reading
XM Cyber Announces Partnership With SAP to Deliver Robust Security for Hybrid Environments
Partnership will provide SAP customers with comprehensive exposure management capabilities and in-depth visibility of attack surfaces.