CVE-2022-45079 (via "National Vulnerability Database")
Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions.
CVE-2023-28709 (via "National Vulnerability Database")
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.
CVE-2022-47611 (via "National Vulnerability Database")
Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // cs&m Hover Image plugin <= 1.4.1 versions.
CVE-2022-41608 (via "National Vulnerability Database")
Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum plugin <= 2.2.0 versions.
CVE-2022-47167 (via "National Vulnerability Database")
Cross-Site Request Forgery (CSRF) vulnerability in Aram Kocharyan Crayon Syntax Highlighter plugin <= 2.8.4 versions.
CVE-2023-23797 (via "National Vulnerability Database")
Cross-Site Request Forgery (CSRF) vulnerability in SecondLineThemes Auto YouTube Importer plugin <= 1.0.3 versions.
CVE-2022-44739 (via "National Vulnerability Database")
Cross-Site Request Forgery (CSRF) vulnerability in ThingsForRestaurants Quick Restaurant Reservations plugin <= 1.5.4 versions.
CVE-2023-25537 (via "National Vulnerability Database")
Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2 contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.
CVE-2022-47183 (via "National Vulnerability Database")
Cross-Site Request Forgery (CSRF) vulnerability in StylistWP Extra Block Design, Style, CSS for ANY Gutenberg Blocks plugin <= 0.2.6 versions.
CVE-2022-45076 (via "National Vulnerability Database")
Cross-Site Request Forgery (CSRF) vulnerability in WebMat Flexible Elementor Panel plugin <= 2.3.8 versions.
CVE-2023-2832 (via "National Vulnerability Database")
SQL Injection in GitHub repository unilogies/bumsys prior to 2.2.0.
CVE-2023-31058 (via "National Vulnerability Database")
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the 'autoDeserialize' option filtering by adding blanks. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.
[1] https://github.com/apache/inlong/pull/7674
CVE-2023-2597 (via "National Vulnerability Database")
In Eclipse OpenJ9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.
CVE-2023-31779 (via "National Vulnerability Database")
Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on a kanban board can insert JavaScript code in the "Reaction to comment" feature.
Cyber Warfare Lessons From the Russia-Ukraine Conflict (via "Dark Reading")
Techniques used in cyber warfare can be sold to anyone, irrespective of borders, authorities, or affiliations. We need to develop strategies to respond at scale.
IBM's Polar Buy Creates Focus on a New 'Shadow Data' Cloud Security Area (via "Dark Reading")
The purchase gives IBM access to a new category of products called "data security posture management" for securing data in cloud and SaaS repositories.
Apple's secret is out: 3 zero-days fixed, so be sure to patch now! (via "Naked Security")
All Apple users have zero-days that need patching, though some have more zero-days than others.
CVE-2023-25448 (via "National Vulnerability Database")
Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.4 versions.
CVE-2023-31453 (via "National Vulnerability Database")
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.
[1] https://github.com/apache/inlong/pull/7949
CVE-2023-32346 (via "National Vulnerability Database")
Teltonika's Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. This function returns information based on whether the serial number of a device has already been claimed, the MAC address of a device has already been claimed, or whether the attempt to claim a device was successful. An attacker could exploit this to create a list of the serial numbers and MAC addresses of all devices cloud-connected to the Remote Management System.
CVE-2023-32347 (via "National Vulnerability Database")
Teltonika's Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective for authentication. If an attacker obtained the serial number and MAC address of a device, they could authenticate as that device and steal communication credentials of the device. This could allow an attacker to enable arbitrary command execution as root by utilizing management options within the newly registered devices.