βΌ CVE-2023-3759 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in Intergard SGS 8.7.0. Affected is an unknown function. The manipulation leads to permission issues. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-234444. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28754 βΌ
π Read
via "National Vulnerability Database".
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file.The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machine, and the target machine can access the URL with the arbitrary code JAR.An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. When the ShardingSphere JVM process starts and uses the ShardingSphere-Agent, the arbitrary code specified by the attacker will be executed during the deserialization of the YAML configuration file by the Agent.This issue affects ShardingSphere-Agent: through 5.3.2. This vulnerability is fixed in Apache ShardingSphere 5.4.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3757 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in GZ Script Car Rental Script 1.8. Affected is an unknown function of the file /EventBookingCalendar/load.php?controller=GzFront/action=checkout/cid=1/layout=calendar/show_header=T/local=3. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-234432. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
π’ Citrix discloses critical NetScaler Gateway vulnerability π’
π Read
via "ITPro".
Users of affected products have been urged to implement patches immediately to mitigate risk π Read
via "ITPro".
ITPro
Citrix discloses critical NetScaler Gateway vulnerability
Users of affected products have been urged to implement patches immediately to mitigate risk
βΌ CVE-2022-40896 βΌ
π Read
via "National Vulnerability Database".
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30799 βΌ
π Read
via "National Vulnerability Database".
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33876 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. A specially-crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object which can lead to memory corruption and result in arbitrary code execution. A specially-crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32664 βΌ
π Read
via "National Vulnerability Database".
A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. A specially-crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. User would need to open a malicious file to trigger the vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33866 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability exists in the JavaScript engine of Foxit SoftwareΓ’β¬β’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28744 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.1.1.15289. A specially crafted PDF document can trigger the reuse of previously freed memory by manipulating form fields of a specific type. This can lead to memory corruption and arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34034 βΌ
π Read
via "National Vulnerability Database".
Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3638 βΌ
π Read
via "National Vulnerability Database".
In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27379 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability exists in the JavaScript engine of Foxit SoftwareΓ’β¬β’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3463 βΌ
π Read
via "National Vulnerability Database".
All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. Successful exploitation could allow an attacker to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3467 βΌ
π Read
via "National Vulnerability Database".
Privilege Escalation to root administrator (nsroot)π Read
via "National Vulnerability Database".
βΌ CVE-2023-3519 βΌ
π Read
via "National Vulnerability Database".
Unauthenticated remote code executionπ Read
via "National Vulnerability Database".
βΌ CVE-2023-3466 βΌ
π Read
via "National Vulnerability Database".
Reflected Cross-Site Scripting (XSS)π Read
via "National Vulnerability Database".
βΌ CVE-2023-37733 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3674 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted.π Read
via "National Vulnerability Database".
π¦Ώ 5 Deepfake Scams That Threaten Enterprises π¦Ώ
π Read
via "Tech Republic".
Forrester shines a light on the synthetic attacks that can cause organizations considerable headaches.π Read
via "Tech Republic".
TechRepublic
5 Deepfake Scams That Threaten Enterprises
Forrester shines a light on the synthetic attacks that can cause organizations considerable headaches.
π1
π¦Ώ Forresterβs Top 10 Emerging Technologies in 2023 and Beyond π¦Ώ
π Read
via "Tech Republic".
The research firm outlines when the average organization should expect a technology to deliver the benefits necessary to justify continued investment.π Read
via "Tech Republic".
TechRepublic
Forresterβs Top 10 Emerging Technologies in 2023 and Beyond
Discover the top 10 emerging technologies in 2023 from Forrester's report that will offer significant benefits for firms within two to four years.