βΌ CVE-2023-3138 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-3439 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device's relevant resource when a netcard detaches. However, a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object, potentially leading to a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34761 βΌ
π Read
via "National Vulnerability Database".
An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup, Hello Cup 1.3.1 for Android, and bypass the application's client-side chat censor filter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4143 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 15.7 before 15.8.5, from 15.9 before 15.9.4, and from 15.10 before 15.10.1 that allows for crafted, unapproved MRs to be introduced and merged without authorizationπ Read
via "National Vulnerability Database".
βΌ CVE-2023-32224 βΌ
π Read
via "National Vulnerability Database".
D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attemptsπ Read
via "National Vulnerability Database".
βΌ CVE-2023-3243 βΌ
π Read
via "National Vulnerability Database".
** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hashand utilize it to create new sessions. The hash is also a poorly salted MD5hash, which could result in a successful brute force password attack.Γ Recommended fix: Upgrade to a supported product suchas AlertonACM.] Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded.Γ π Read
via "National Vulnerability Database".
βΌ CVE-2023-3355 βΌ
π Read
via "National Vulnerability Database".
A NULL pointer dereference flaw was found in the Linux kernel's drivers/gpu/drm/msm/msm_gem_submit.c code in the submit_lookup_cmds function, which fails because it lacks a check of the return value of kmalloc(). This issue allows a local user to crash the system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34652 βΌ
π Read
via "National Vulnerability Database".
PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21517 βΌ
π Read
via "National Vulnerability Database".
Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3389 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.We recommend upgrading past commit 4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable andΓ 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34650 βΌ
π Read
via "National Vulnerability Database".
PHPgurukl Small CRM v.1.0 is vulnerable to Cross Site Scripting (XSS).π Read
via "National Vulnerability Database".
βΌ CVE-2023-32222 βΌ
π Read
via "National Vulnerability Database".
D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25827 βΌ
π Read
via "National Vulnerability Database".
Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setting the X-Forwarded-For header to a local IP-address.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21513 βΌ
π Read
via "National Vulnerability Database".
Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition.π Read
via "National Vulnerability Database".
π΄ Russian Spies, War Ministers Reliant on Cybercrime in Pariah State π΄
π Read
via "Dark Reading".
Swiss intelligence warns that Russia ramping up cyberattacks on infrastructure and cyber espionage as on-the-ground options evaporate.π Read
via "Dark Reading".
Dark Reading
Russian Spies, War Ministers Reliant on Cybercrime in Pariah State
Swiss intelligence warns that Russia ramping up cyberattacks on infrastructure and cyber espionage as on-the-ground options evaporate.
β€1
βΌ CVE-2023-36475 βΌ
π Read
via "National Vulnerability Database".
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and 6.2.1.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-3358 βΌ
π Read
via "National Vulnerability Database".
A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36474 βΌ
π Read
via "National Vulnerability Database".
Interactsh is an open-source tool for detecting out-of-band interactions. Domains configured with interactsh server prior to version 1.0.0 were vulnerable to subdomain takeover for a specific subdomain, i.e `app.` Interactsh server used to create cname entries for `app` pointing to `projectdiscovery.github.io` as default, which intended to used for hosting interactsh web client using GitHub pages. This is a security issue with a self-hosted interactsh server in which the user may not have configured a web client but still have a CNAME entry pointing to GitHub pages, making them vulnerable to subdomain takeover. This allows a threat actor to host / run arbitrary client side code (cross-site scripting) in a user's browser when browsing the vulnerable subdomain. Version 1.0.0 fixes this issue by making CNAME optional, rather than default.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34736 βΌ
π Read
via "National Vulnerability Database".
Guantang Equipment Management System version 4.12 is vulnerable to Arbitrary File Upload.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3357 βΌ
π Read
via "National Vulnerability Database".
A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34647 βΌ
π Read
via "National Vulnerability Database".
PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).π Read
via "National Vulnerability Database".