βΌ CVE-2023-37142 βΌ
π Read
via "National Vulnerability Database".
ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::EntryPointInfo::HasInlinees().π Read
via "National Vulnerability Database".
βΌ CVE-2023-22052 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).π Read
via "National Vulnerability Database".
βΌ CVE-2023-37143 βΌ
π Read
via "National Vulnerability Database".
ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function BackwardPass::IsEmptyLoopAfterMemOp().π Read
via "National Vulnerability Database".
βΌ CVE-2023-37141 βΌ
π Read
via "National Vulnerability Database".
ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::ProfilingHelpers::ProfiledNewScArray().π Read
via "National Vulnerability Database".
βΌ CVE-2023-28023 βΌ
π Read
via "National Vulnerability Database".
A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network).Γ π Read
via "National Vulnerability Database".
βΌ CVE-2023-22035 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey Module). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Scripting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Scripting accessible data as well as unauthorized read access to a subset of Oracle Scripting accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).π Read
via "National Vulnerability Database".
βΌ CVE-2023-22050 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Orchestrator accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).π Read
via "National Vulnerability Database".
βΌ CVE-2023-22053 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H).π Read
via "National Vulnerability Database".
βΌ CVE-2023-22049 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).π Read
via "National Vulnerability Database".
βΌ CVE-2023-22047 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).π Read
via "National Vulnerability Database".
β Google Virus Total leaks list of spooky email addresses β
π Read
via "Naked Security".
Careful with that file, Eugene!π Read
via "Naked Security".
Naked Security
Google Virus Total leaks list of spooky email addresses
Careful with that file, Eugene!
β Microsoft hit by Storm season β a tale of two semi-zero days β
π Read
via "Naked Security".
The first compromise didn't get the crooks as far as they wanted, so they found a second one that did...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2023-3527 βΌ
π Read
via "National Vulnerability Database".
A CSV injection vulnerability was found in theΓ Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel.Γ π Read
via "National Vulnerability Database".
βΌ CVE-2023-22508 βΌ
π Read
via "National Vulnerability Database".
This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 7.19.8 of Confluence Data Center & Server.This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction.Atlassian recommends that you upgrade your instance to latest version. If you're unable to upgrade to latest, upgrade to this fixed version: 8.2.0. See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html|https://confluence.atlassian.com/doc/confluence-release-notes-327.html]). You can download the latest version of Data Center & Server from the download center ([https://www.atlassian.com/software/confluence/download-archives|https://www.atlassian.com/software/confluence/download-archives]).This vulnerability was discovered by a private user and reported via our Bug Bounty program.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35900 βΌ
π Read
via "National Vulnerability Database".
IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. IBM X-Force ID: 259368.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26023 βΌ
π Read
via "National Vulnerability Database".
Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3765 βΌ
π Read
via "National Vulnerability Database".
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28513 βΌ
π Read
via "National Vulnerability Database".
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26026 βΌ
π Read
via "National Vulnerability Database".
Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38933 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3752 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Creativeitem Academy LMS 5.15. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home/courses. The manipulation of the argument sort_by leads to cross site scripting. The attack may be launched remotely. VDB-234422 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".