βΌ CVE-2023-35945 βΌ
π Read
via "National Vulnerability Database".
Envoy is a cloud-native high-performance edge/middle/service proxy. EnvoyΓ’β¬β’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if connection is already marked for not sending more requests due to `GOAWAY` frame. The clean-up code is right after the return statement, causing memory leak. Denial of service through memory exhaustion. This vulnerability was patched in versions(s) 1.26.3, 1.25.8, 1.24.9, 1.23.11.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37463 βΌ
π Read
via "National Vulnerability Database".
cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. Three polynomial time complexity issues in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. These vulnerabilities have been patched in 0.29.0.gfm.12.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37468 βΌ
π Read
via "National Vulnerability Database".
Feedbacksystem is a personalized feedback system for students using artificial intelligence. Passwords of users using LDAP login are stored in clear text in the database. The LDAP users password is passed unencrypted in the LoginController.scala and stored in the database when logging in for the first time. Users using only local login or the cas login are not affected. This issue has been patched in version 1.19.2.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30563 βΌ
π Read
via "National Vulnerability Database".
A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30565 βΌ
π Read
via "National Vulnerability Database".
An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30564 βΌ
π Read
via "National Vulnerability Database".
Alaris Systems Manager does not perform input validation during the Device Import Function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30562 βΌ
π Read
via "National Vulnerability Database".
A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30561 βΌ
π Read
via "National Vulnerability Database".
The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is running.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37466 βΌ
π Read
via "National Vulnerability Database".
vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code. Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37714 βΌ
π Read
via "National Vulnerability Database".
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromRouteStatic.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37718 βΌ
π Read
via "National Vulnerability Database".
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeClientFilter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3668 βΌ
π Read
via "National Vulnerability Database".
Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37721 βΌ
π Read
via "National Vulnerability Database".
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeMacFilter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37716 βΌ
π Read
via "National Vulnerability Database".
Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37723 βΌ
π Read
via "National Vulnerability Database".
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromqossetting.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37719 βΌ
π Read
via "National Vulnerability Database".
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromP2pListFilter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37722 βΌ
π Read
via "National Vulnerability Database".
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeUrlFilter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37715 βΌ
π Read
via "National Vulnerability Database".
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function frmL7ProtForm.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37717 βΌ
π Read
via "National Vulnerability Database".
Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromDhcpListClient.π Read
via "National Vulnerability Database".
π’ JumpCloud reveals threat actors breached internal systems, following customer speculation π’
π Read
via "ITPro".
Suspicious activity was discovered in June, but a customer link took longer than a week to establish π Read
via "ITPro".
ITPro
JumpCloud reveals nation-state hackers breached internal systems, following customer speculation
Suspicious activity was discovered in June, but a customer link took longer than a week to establish
βΌ CVE-2023-3672 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - DOM in GitHub repository plaidweb/webmention.js prior to 0.5.5.π Read
via "National Vulnerability Database".