βΌ CVE-2023-2727 βΌ
π Read
via "National Vulnerability Database".
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36291 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a remote attacker to execute arbitrary code via the f_content parameter in the admin/page_new file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36258 βΌ
π Read
via "National Vulnerability Database".
An issue in langchain v.0.0.199 allows an attacker to execute arbitrary code via the PALChain in the python exec method.π Read
via "National Vulnerability Database".
βΌ CVE-2020-22597 βΌ
π Read
via "National Vulnerability Database".
An issue in Jerrscript- project Jerryscrip v. 2.3.0 allows a remote attacker to execute arbitrary code via the ecma_builtin_array_prototype_object_slice parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36223 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the announcements parameter in the settings function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36610 βΌ
π Read
via "National Vulnerability Database".
?The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36222 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the comment parameter in the article function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36611 βΌ
π Read
via "National Vulnerability Database".
The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with Γ’β¬ΕuserΓ’β¬οΏ½ privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2728 βΌ
π Read
via "National Vulnerability Database".
Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service accountΓ’β¬β’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36162 βΌ
π Read
via "National Vulnerability Database".
Cross Site Request Forgery vulnerability in ZZCMS v.2023 alows a remote attacker to gain privileges via the add function in adminlist.php.π Read
via "National Vulnerability Database".
π΄ Fortanix Builds Hardware Security Wall Around Plaintext Search π΄
π Read
via "Dark Reading".
The company's Confidential Data Search technique relies on confidential computing to keep data secure even while it is in use.π Read
via "Dark Reading".
Dark Reading
Fortanix Builds Hardware Security Wall Around Plaintext Search
The company's Confidential Data Search technique relies on confidential computing to keep data secure even while it is in use.
βΌ CVE-2023-20693 βΌ
π Read
via "National Vulnerability Database".
In wlan firmware, there is possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664711; Issue ID: ALPS07664711.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25521 βΌ
π Read
via "National Vulnerability Database".
NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20689 βΌ
π Read
via "National Vulnerability Database".
In wlan firmware, there is possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664741; Issue ID: ALPS07664741.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20692 βΌ
π Read
via "National Vulnerability Database".
In wlan firmware, there is possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664720; Issue ID: ALPS07664720.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20753 βΌ
π Read
via "National Vulnerability Database".
In rpmb, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460390; Issue ID: ALPS07588667.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20691 βΌ
π Read
via "National Vulnerability Database".
In wlan firmware, there is possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664731; Issue ID: ALPS07664731.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20758 βΌ
π Read
via "National Vulnerability Database".
In cmdq, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07636133; Issue ID: ALPS07636130.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25517 βΌ
π Read
via "National Vulnerability Database".
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20755 βΌ
π Read
via "National Vulnerability Database".
In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07509605.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20768 βΌ
π Read
via "National Vulnerability Database".
In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07559800.π Read
via "National Vulnerability Database".