‼ CVE-2023-21240 ‼
📖 Read
via "National Vulnerability Database".
In Policy of Policy.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34130 ‼
📖 Read
via "National Vulnerability Database".
SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2200 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21256 ‼
📖 Read
via "National Vulnerability Database".
In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21249 ‼
📖 Read
via "National Vulnerability Database".
In multiple functions of OneTimePermissionUserManager.java, there is a possible one-time permission retention due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37563 ‼
📖 Read
via "National Vulnerability Database".
Exposure of sensitive information to an unauthorized actor issue exists in ELECOM wireless LAN routers, which allows a network-adjacent attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38199 ‼
📖 Read
via "National Vulnerability Database".
coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not block multiple Content-Type headers, which might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion." This occurs when the web application relies on only the last Content-Type header.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2190 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. It may be possible for users to view new commits to private projects in a fork created while the project was public.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21238 ‼
📖 Read
via "National Vulnerability Database".
In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21260 ‼
📖 Read
via "National Vulnerability Database".
In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be appeared as a system message for user confirmation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34128 ‼
📖 Read
via "National Vulnerability Database".
Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34131 ‼
📖 Read
via "National Vulnerability Database".
Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker to access restricted web pages. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21257 ‼
📖 Read
via "National Vulnerability Database".
In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2620 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions. This addresses an incomplete fix for CVE-2023-0838.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-0948 ‼
📖 Read
via "National Vulnerability Database".
The PVRSRVBridgeGetMultiCoreInfo ioctl in the PowerVR kernel driver can return uninitialized kernel memory to user space. The contents of this memory could contain sensitive information.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20942 ‼
📖 Read
via "National Vulnerability Database".
In openMmapStream of AudioFlinger.cpp, there is a possible way to record audio without displaying the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21239 ‼
📖 Read
via "National Vulnerability Database".
In visitUris of Notification.java, there is a possible way to leak image data across user boundaries due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21400 ‼
📖 Read
via "National Vulnerability Database".
In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34137 ‼
📖 Read
via "National Vulnerability Database".
SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2023-37567 ‼
📖 Read
via "National Vulnerability Database".
ELECOM wireless LAN router WRC-1167GHBK3-A v1.24 and earlier allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page.📖 Read
via "National Vulnerability Database".
🦿 Hiring Kit: Security Architect 🦿
📖 Read
via "Tech Republic".
Developing and implementing both preventive security protocols and effective response plans is complicated and requires a security architect with a clear vision. This hiring kit from TechRepublic Premium provides a workable framework you can use to find the best candidate for your organization. From the hiring kit: DETERMINING FACTORS, DESIRABLE PERSONALITY TRAITS AND SKILLSETS Depending ...📖 Read
via "Tech Republic".
TechRepublic
Hiring Kit: Security Architect | TechRepublic
Developing and implementing both preventive security protocols and effective response plans is complicated and requires a security architect with a clear