βΌ CVE-2023-29260 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135.π Read
via "National Vulnerability Database".
π2
π¦Ώ Get a Lifetime of Powerful VPN Protection for Your Business Data for Just $70 π¦Ώ
π Read
via "Tech Republic".
Thereβs no reason to take chances of your business suffering a data breach when a lifetime of powerful protection is so affordable.π Read
via "Tech Republic".
TechRepublic
Get a Lifetime of Powerful VPN Protection for Your Business Data for Just $70
Make all of your computers and devices safer regardless of operating system with this VPN Unlimited: Lifetime Subscription for just $69.99.
π€1
βΌ CVE-2023-3762 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Intergard SGS 8.7.0. It has been classified as problematic. This affects an unknown part. The manipulation leads to cleartext storage of sensitive information in memory. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-234447. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3761 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Intergard SGS 8.7.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Password Change Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-234446 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3763 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Intergard SGS 8.7.0. It has been declared as problematic. This vulnerability affects unknown code of the component SQL Query Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-234448. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32635 βΌ
π Read
via "National Vulnerability Database".
XBRL data create application version 7.0 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XBRL file, arbitrary files on the system may be read by an attacker.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3760 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in Intergard SGS 8.7.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Change Password Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-234445 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3759 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in Intergard SGS 8.7.0. Affected is an unknown function. The manipulation leads to permission issues. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-234444. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28754 βΌ
π Read
via "National Vulnerability Database".
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file.The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machine, and the target machine can access the URL with the arbitrary code JAR.An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. When the ShardingSphere JVM process starts and uses the ShardingSphere-Agent, the arbitrary code specified by the attacker will be executed during the deserialization of the YAML configuration file by the Agent.This issue affects ShardingSphere-Agent: through 5.3.2. This vulnerability is fixed in Apache ShardingSphere 5.4.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3757 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in GZ Script Car Rental Script 1.8. Affected is an unknown function of the file /EventBookingCalendar/load.php?controller=GzFront/action=checkout/cid=1/layout=calendar/show_header=T/local=3. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-234432. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
π’ Citrix discloses critical NetScaler Gateway vulnerability π’
π Read
via "ITPro".
Users of affected products have been urged to implement patches immediately to mitigate risk π Read
via "ITPro".
ITPro
Citrix discloses critical NetScaler Gateway vulnerability
Users of affected products have been urged to implement patches immediately to mitigate risk
βΌ CVE-2022-40896 βΌ
π Read
via "National Vulnerability Database".
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30799 βΌ
π Read
via "National Vulnerability Database".
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33876 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. A specially-crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object which can lead to memory corruption and result in arbitrary code execution. A specially-crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32664 βΌ
π Read
via "National Vulnerability Database".
A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. A specially-crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. User would need to open a malicious file to trigger the vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33866 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability exists in the JavaScript engine of Foxit SoftwareΓ’β¬β’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28744 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.1.1.15289. A specially crafted PDF document can trigger the reuse of previously freed memory by manipulating form fields of a specific type. This can lead to memory corruption and arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34034 βΌ
π Read
via "National Vulnerability Database".
Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3638 βΌ
π Read
via "National Vulnerability Database".
In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27379 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability exists in the JavaScript engine of Foxit SoftwareΓ’β¬β’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3463 βΌ
π Read
via "National Vulnerability Database".
All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. Successful exploitation could allow an attacker to execute arbitrary code.π Read
via "National Vulnerability Database".