βΌ CVE-2023-37415 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider.Patching on top of CVE-2023-35797BeforeΓ 6.1.2Γ the proxy_user option can also inject semicolon.This issue affects Apache Airflow Apache Hive Provider: before 6.1.2.It is recommended updating provider version to 6.1.2 in order to avoid this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3319 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iDisplay PlatPlay DS allows Stored XSS.This issue affects PlatPlay DS: before 3.14.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35069 βΌ
π Read
via "National Vulnerability Database".
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bullwark allows Path Traversal.This issue affects Bullwark: before BLW-2016E-960H.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2957 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisa Software Florist Site allows SQL Injection.This issue affects Florist Site: before 3.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1547 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Elra Parkmatik allows SQL Injection through SOAP Parameter Tampering, Command Line Execution through SQL Injection.This issue affects Parkmatik: before 02.01-a51.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29449 βΌ
π Read
via "National Vulnerability Database".
JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles (Admin and Superadmin). Administrative privileges should be typically granted to users who need to perform tasks that require more control over the system. The security risk is limited because not all users have this level of access.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29450 βΌ
π Read
via "National Vulnerability Database".
JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.π Read
via "National Vulnerability Database".
π’ βBig game ransomwareβ tactics return as attackers eye lucrative payouts π’
π Read
via "ITPro".
Small businesses arenβt out of the firing line, but big business is facing a new wave as operators take gambles π Read
via "ITPro".
IT Pro
βBig game ransomwareβ tactics return as attackers eye lucrative payouts
Small businesses arenβt out of the firing line, but big business is facing a new wave as operators take gambles
β€1π1
βΌ CVE-2023-29454 βΌ
π Read
via "National Vulnerability Database".
Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally executes the payload for every victim visiting its web pages.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29456 βΌ
π Read
via "National Vulnerability Database".
URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23585 βΌ
π Read
via "National Vulnerability Database".
Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22435 βΌ
π Read
via "National Vulnerability Database".
Experion server may experience a DoS due to a stack overflow when handling a specially crafted message.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24480 βΌ
π Read
via "National Vulnerability Database".
Controller DoS due to stack overflow when decoding a message from the serverπ Read
via "National Vulnerability Database".
βΌ CVE-2023-29452 βΌ
π Read
via "National Vulnerability Database".
Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field Γ’β¬ΕAttribution textΓ’β¬οΏ½ when selected Γ’β¬ΕOtherΓ’β¬οΏ½ Tile provider.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25770 βΌ
π Read
via "National Vulnerability Database".
Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25078 βΌ
π Read
via "National Vulnerability Database".
Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24474 βΌ
π Read
via "National Vulnerability Database".
Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted messageπ Read
via "National Vulnerability Database".
βΌ CVE-2023-29455 βΌ
π Read
via "National Vulnerability Database".
Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25178 βΌ
π Read
via "National Vulnerability Database".
Controller may be loaded with malicious firmware which could enable remote code executionπ Read
via "National Vulnerability Database".
βΌ CVE-2023-3657 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in SourceCodester AC Repair and Services System 1.0. This issue affects some unknown processing of the file Master.php?f=save_book of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-234011.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3658 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file Master.php?f=delete_book of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-234012.π Read
via "National Vulnerability Database".