βΌ CVE-2023-21239 βΌ
π Read
via "National Vulnerability Database".
In visitUris of Notification.java, there is a possible way to leak image data across user boundaries due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21400 βΌ
π Read
via "National Vulnerability Database".
In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34137 βΌ
π Read
via "National Vulnerability Database".
SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-37567 βΌ
π Read
via "National Vulnerability Database".
ELECOM wireless LAN router WRC-1167GHBK3-A v1.24 and earlier allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page.π Read
via "National Vulnerability Database".
π¦Ώ Hiring Kit: Security Architect π¦Ώ
π Read
via "Tech Republic".
Developing and implementing both preventive security protocols and effective response plans is complicated and requires a security architect with a clear vision. This hiring kit from TechRepublic Premium provides a workable framework you can use to find the best candidate for your organization. From the hiring kit: DETERMINING FACTORS, DESIRABLE PERSONALITY TRAITS AND SKILLSETS Depending ...π Read
via "Tech Republic".
TechRepublic
Hiring Kit: Security Architect | TechRepublic
Developing and implementing both preventive security protocols and effective response plans is complicated and requires a security architect with a clear
βΌ CVE-2023-37415 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider.Patching on top of CVE-2023-35797BeforeΓ 6.1.2Γ the proxy_user option can also inject semicolon.This issue affects Apache Airflow Apache Hive Provider: before 6.1.2.It is recommended updating provider version to 6.1.2 in order to avoid this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3319 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iDisplay PlatPlay DS allows Stored XSS.This issue affects PlatPlay DS: before 3.14.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35069 βΌ
π Read
via "National Vulnerability Database".
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bullwark allows Path Traversal.This issue affects Bullwark: before BLW-2016E-960H.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2957 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisa Software Florist Site allows SQL Injection.This issue affects Florist Site: before 3.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1547 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Elra Parkmatik allows SQL Injection through SOAP Parameter Tampering, Command Line Execution through SQL Injection.This issue affects Parkmatik: before 02.01-a51.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29449 βΌ
π Read
via "National Vulnerability Database".
JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles (Admin and Superadmin). Administrative privileges should be typically granted to users who need to perform tasks that require more control over the system. The security risk is limited because not all users have this level of access.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29450 βΌ
π Read
via "National Vulnerability Database".
JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.π Read
via "National Vulnerability Database".
π’ βBig game ransomwareβ tactics return as attackers eye lucrative payouts π’
π Read
via "ITPro".
Small businesses arenβt out of the firing line, but big business is facing a new wave as operators take gambles π Read
via "ITPro".
IT Pro
βBig game ransomwareβ tactics return as attackers eye lucrative payouts
Small businesses arenβt out of the firing line, but big business is facing a new wave as operators take gambles
β€1π1
βΌ CVE-2023-29454 βΌ
π Read
via "National Vulnerability Database".
Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally executes the payload for every victim visiting its web pages.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29456 βΌ
π Read
via "National Vulnerability Database".
URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23585 βΌ
π Read
via "National Vulnerability Database".
Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22435 βΌ
π Read
via "National Vulnerability Database".
Experion server may experience a DoS due to a stack overflow when handling a specially crafted message.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24480 βΌ
π Read
via "National Vulnerability Database".
Controller DoS due to stack overflow when decoding a message from the serverπ Read
via "National Vulnerability Database".
βΌ CVE-2023-29452 βΌ
π Read
via "National Vulnerability Database".
Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field Γ’β¬ΕAttribution textΓ’β¬οΏ½ when selected Γ’β¬ΕOtherΓ’β¬οΏ½ Tile provider.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25770 βΌ
π Read
via "National Vulnerability Database".
Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25078 βΌ
π Read
via "National Vulnerability Database".
Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation.π Read
via "National Vulnerability Database".