βΌ CVE-2023-32097 βΌ
π Read
via "National Vulnerability Database".
Compiler removal of buffer clearing in sli_crypto_transparent_aead_decrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32098 βΌ
π Read
via "National Vulnerability Database".
Compiler removal of buffer clearing in sli_se_sign_message in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31597 βΌ
π Read
via "National Vulnerability Database".
An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Attackers are also able to gain unauthorized access to existing tickets.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1132 βΌ
π Read
via "National Vulnerability Database".
Compiler removal of buffer clearing in sli_se_driver_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32100 βΌ
π Read
via "National Vulnerability Database".
Compiler removal of buffer clearing in sli_se_driver_mac_computein Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32096 βΌ
π Read
via "National Vulnerability Database".
Compiler removal of buffer clearing in sli_crypto_transparent_aead_encrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30333 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitrary code via a crafted file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2481 βΌ
π Read
via "National Vulnerability Database".
Compiler removal of buffer clearing in sli_se_opaque_import_key in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0965 βΌ
π Read
via "National Vulnerability Database".
Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36326 βΌ
π Read
via "National Vulnerability Database".
An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36328 βΌ
π Read
via "National Vulnerability Database".
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to create arbitrary shares on arbitrary directories and exfiltrate sensitive files, passwords, users and device configurations was discoveredΓ in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This can only be exploited once an attacker gains root privileges on the devices using an authentication bypass issue or another vulnerability.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202.π Read
via "National Vulnerability Database".
π΄ Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict π΄
π Read
via "Dark Reading".
Plug X and other information-stealing remote-access Trojans are among the malware targeting networking, manufacturing, and logistics companies in Taiwan.π Read
via "Dark Reading".
Dark Reading
Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict
Plug X and other information-stealing remote-access Trojans are among the malware targeting networking, manufacturing, and logistics companies in Taiwan.
π΄ KeePass Vulnerability Imperils Master Passwords π΄
π Read
via "Dark Reading".
A newly discovered bug in the open source password manager, if exploited, lets attackers retrieve a target's master password β and proof-of-concept code is available.π Read
via "Dark Reading".
Dark Reading
KeePass Vulnerability Imperils Master Passwords
A newly discovered bug in the open source password manager, if exploited, lets attackers retrieve a target's master password β and proof-of-concept code is available.
βΌ CVE-2023-2024 βΌ
π Read
via "National Vulnerability Database".
Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access to an unauthorized user under certain circumstances.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29720 βΌ
π Read
via "National Vulnerability Database".
SofaWiki <=3.8.9 is vulnerable to Cross Site Scripting (XSS) via index.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2025 βΌ
π Read
via "National Vulnerability Database".
OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 may expose sensitive information to an unauthorized user under certain circumstances.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31655 βΌ
π Read
via "National Vulnerability Database".
redis-7.0.10 was discovered to contain a segmentation violation.π Read
via "National Vulnerability Database".
π΄ Enterprises Rely on Multicloud Security to Protect Cloud Workloads π΄
π Read
via "Dark Reading".
As enterprises adopt multicloud, the security picture has gotten foggy. Cloud workload protection platforms and distributed firewalls are creating clarity.π Read
via "Dark Reading".
Dark Reading
Enterprises Rely on Multicloud Security to Protect Cloud Workloads
As enterprises adopt multicloud, the security picture has become foggy. Cloud workload protection platforms and distributed firewalls are creating clarity.
βΌ CVE-2022-35798 βΌ
π Read
via "National Vulnerability Database".
Azure Arc Jumpstart Information Disclosure Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-30470 βΌ
π Read
via "National Vulnerability Database".
A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24832 βΌ
π Read
via "National Vulnerability Database".
A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an attacker to crash an Hermes runtime where the EnableHermesInternal config option was set to true. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.π Read
via "National Vulnerability Database".