βΌ CVE-2023-34131 βΌ
π Read
via "National Vulnerability Database".
Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker to access restricted web pages. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21257 βΌ
π Read
via "National Vulnerability Database".
In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2620 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions. This addresses an incomplete fix for CVE-2023-0838.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0948 βΌ
π Read
via "National Vulnerability Database".
The PVRSRVBridgeGetMultiCoreInfo ioctl in the PowerVR kernel driver can return uninitialized kernel memory to user space. The contents of this memory could contain sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20942 βΌ
π Read
via "National Vulnerability Database".
In openMmapStream of AudioFlinger.cpp, there is a possible way to record audio without displaying the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21239 βΌ
π Read
via "National Vulnerability Database".
In visitUris of Notification.java, there is a possible way to leak image data across user boundaries due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21400 βΌ
π Read
via "National Vulnerability Database".
In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34137 βΌ
π Read
via "National Vulnerability Database".
SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-37567 βΌ
π Read
via "National Vulnerability Database".
ELECOM wireless LAN router WRC-1167GHBK3-A v1.24 and earlier allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page.π Read
via "National Vulnerability Database".
π¦Ώ Hiring Kit: Security Architect π¦Ώ
π Read
via "Tech Republic".
Developing and implementing both preventive security protocols and effective response plans is complicated and requires a security architect with a clear vision. This hiring kit from TechRepublic Premium provides a workable framework you can use to find the best candidate for your organization. From the hiring kit: DETERMINING FACTORS, DESIRABLE PERSONALITY TRAITS AND SKILLSETS Depending ...π Read
via "Tech Republic".
TechRepublic
Hiring Kit: Security Architect | TechRepublic
Developing and implementing both preventive security protocols and effective response plans is complicated and requires a security architect with a clear
βΌ CVE-2023-37415 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider.Patching on top of CVE-2023-35797BeforeΓ 6.1.2Γ the proxy_user option can also inject semicolon.This issue affects Apache Airflow Apache Hive Provider: before 6.1.2.It is recommended updating provider version to 6.1.2 in order to avoid this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3319 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iDisplay PlatPlay DS allows Stored XSS.This issue affects PlatPlay DS: before 3.14.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35069 βΌ
π Read
via "National Vulnerability Database".
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bullwark allows Path Traversal.This issue affects Bullwark: before BLW-2016E-960H.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2957 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisa Software Florist Site allows SQL Injection.This issue affects Florist Site: before 3.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1547 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Elra Parkmatik allows SQL Injection through SOAP Parameter Tampering, Command Line Execution through SQL Injection.This issue affects Parkmatik: before 02.01-a51.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29449 βΌ
π Read
via "National Vulnerability Database".
JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles (Admin and Superadmin). Administrative privileges should be typically granted to users who need to perform tasks that require more control over the system. The security risk is limited because not all users have this level of access.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29450 βΌ
π Read
via "National Vulnerability Database".
JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.π Read
via "National Vulnerability Database".
π’ βBig game ransomwareβ tactics return as attackers eye lucrative payouts π’
π Read
via "ITPro".
Small businesses arenβt out of the firing line, but big business is facing a new wave as operators take gambles π Read
via "ITPro".
IT Pro
βBig game ransomwareβ tactics return as attackers eye lucrative payouts
Small businesses arenβt out of the firing line, but big business is facing a new wave as operators take gambles
β€1π1
βΌ CVE-2023-29454 βΌ
π Read
via "National Vulnerability Database".
Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally executes the payload for every victim visiting its web pages.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29456 βΌ
π Read
via "National Vulnerability Database".
URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23585 βΌ
π Read
via "National Vulnerability Database".
Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation.π Read
via "National Vulnerability Database".