ā¼ CVE-2023-22386 ā¼
š Read
via "National Vulnerability Database".
Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-21639 ā¼
š Read
via "National Vulnerability Database".
Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-21635 ā¼
š Read
via "National Vulnerability Database".
Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-3460 ā¼
š Read
via "National Vulnerability Database".
The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-24851 ā¼
š Read
via "National Vulnerability Database".
Memory Corruption in WLAN HOST while parsing QMI response message from firmware.š Read
via "National Vulnerability Database".
ā¼ CVE-2022-4623 ā¼
š Read
via "National Vulnerability Database".
The ND Shortcodes WordPress plugin before 7.0 does not validate and escape numerous of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksš Read
via "National Vulnerability Database".
ā¼ CVE-2023-28542 ā¼
š Read
via "National Vulnerability Database".
Memory Corruption in WLAN HOST while fetching TX status information.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-2321 ā¼
š Read
via "National Vulnerability Database".
The WPForms Google Sheet Connector WordPress plugin before 3.4.6, gsheetconnector-wpforms-pro WordPress plugin through 3.4.6 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminš Read
via "National Vulnerability Database".
ā¼ CVE-2023-21633 ā¼
š Read
via "National Vulnerability Database".
Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-1273 ā¼
š Read
via "National Vulnerability Database".
The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacksš Read
via "National Vulnerability Database".
ā¼ CVE-2023-21672 ā¼
š Read
via "National Vulnerability Database".
Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions.š Read
via "National Vulnerability Database".
š¢ Why Fulham FCās geography makes running IT so challenging š¢
š Read
via "ITPro".
Fending off cyber criminals and keeping equipment updated on match days is more difficult than you might think š Read
via "ITPro".
ITPro
Why Fulham FCās geography makes running IT so challenging
Fending off cyber criminals and keeping equipment updated on match days is more difficult than you might think
š1
ā¼ CVE-2023-31999 ā¼
š Read
via "National Vulnerability Database".
All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests for all users. The purpose of the Oauth2 state parameter is to prevent Cross-Site-Request-Forgery attacks. As such, it should be unique per user and should be connected to the user's session in some way that will allow the server to validate it.v7.2.0 changes the default behavior to store the state in a cookie with the http-only and same-site=lax attributes set. The state is now by default generated for every user. Note that this contains a breaking change in the checkStateFunction function, which now accepts the full Request object.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-3506 ā¼
š Read
via "National Vulnerability Database".
A vulnerability was found in Active It Zone Active eCommerce CMS 6.5.0. It has been declared as problematic. This vulnerability affects unknown code of the file /ecommerce/support_ticket of the component Create Ticket Page. The manipulation of the argument details with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. VDB-232954 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-3505 ā¼
š Read
via "National Vulnerability Database".
A vulnerability was found in Onest CRM 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/project/update/2 of the component Project List Handler. The manipulation of the argument name with the input <script>alert(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-232953 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.š Read
via "National Vulnerability Database".
ā¤1
ā Ghostscript bug could allow rogue documents to run system commands ā
š Read
via "Naked Security".
Even if you've never heard of the venerable Ghostscript project, you may have it installed without knowing.š Read
via "Naked Security".
Sophos News
Naked Security ā Sophos News
ā¼ CVE-2022-42175 ā¼
š Read
via "National Vulnerability Database".
Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-33201 ā¼
š Read
via "National Vulnerability Database".
Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.š Read
via "National Vulnerability Database".
ā¤3š1
ā¼ CVE-2023-37208 ā¼
š Read
via "National Vulnerability Database".
When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-37207 ā¼
š Read
via "National Vulnerability Database".
A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-37202 ā¼
š Read
via "National Vulnerability Database".
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.š Read
via "National Vulnerability Database".