CVE-2022-48521
An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through 2.11.0-Beta2. It fails to keep track of ordinal numbers when removing fake Authentication-Results header fields, which allows a remote attacker to craft an e-mail message with a fake sender address such that programs that rely on Authentication-Results from OpenDKIM will treat the message as having a valid DKIM signature when in fact it has none.
via "National Vulnerability Database".
CVE-2023-29406
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.
via "National Vulnerability Database".
Apple & Microsoft Patch Tuesday, July 2023 Edition
Microsoft Corp. today released software updates to quash 130 security bugs in its Windows operating systems and related software, including at least five flaws that are already seeing active exploitation. Meanwhile, Apple customers have their own zero-day woes again this month: On Monday, Apple issued (and then quickly pulled) an emergency update to fix a zero-day vulnerability that is being exploited on MacOS and iOS devices.
via "Krebs on Security".
CVE-2023-37766
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_isom_remove_user_data function at /lib/libgpac.so.
via "National Vulnerability Database".
CVE-2023-24491
A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with a Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITY\SYSTEM.
via "National Vulnerability Database".
CVE-2023-37765
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_dump_vrml_sffield function at /lib/libgpac.so.
via "National Vulnerability Database".
CVE-2023-3127
An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights.
via "National Vulnerability Database".
CVE-2023-24492
A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.
via "National Vulnerability Database".
CVE-2023-37174
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4box/filedump.c.
via "National Vulnerability Database".
CVE-2023-37767
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the BM_ParseIndexValueReplace function at /lib/libgpac.so.
via "National Vulnerability Database".
CVE-2023-33881
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
via "National Vulnerability Database".
CVE-2023-32788
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
via "National Vulnerability Database".
CVE-2023-30942
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
via "National Vulnerability Database".
CVE-2023-3080
The WP Mail Catcher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
via "National Vulnerability Database".
CVE-2023-3166
The Lana Email Logger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, Lana Email Logger due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
via "National Vulnerability Database".
CVE-2023-33888
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
via "National Vulnerability Database".
CVE-2021-4425
The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verify_otp_login_time() function. This makes it possible for unauthenticated attackers to verify a one time login via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
via "National Vulnerability Database".
CVE-2023-37196
A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change or delete content, or perform unauthorized actions when tampering with the alert settings of endpoints on DCE.
via "National Vulnerability Database".
CVE-2023-33899
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
via "National Vulnerability Database".
CVE-2023-33885
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
via "National Vulnerability Database".
CVE-2023-3168
The WP Reroute Email plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
via "National Vulnerability Database".