βΌ CVE-2022-40896 βΌ
π Read
via "National Vulnerability Database".
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30799 βΌ
π Read
via "National Vulnerability Database".
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33876 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. A specially-crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object which can lead to memory corruption and result in arbitrary code execution. A specially-crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32664 βΌ
π Read
via "National Vulnerability Database".
A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. A specially-crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. User would need to open a malicious file to trigger the vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33866 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability exists in the JavaScript engine of Foxit SoftwareΓ’β¬β’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28744 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.1.1.15289. A specially crafted PDF document can trigger the reuse of previously freed memory by manipulating form fields of a specific type. This can lead to memory corruption and arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34034 βΌ
π Read
via "National Vulnerability Database".
Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3638 βΌ
π Read
via "National Vulnerability Database".
In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27379 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability exists in the JavaScript engine of Foxit SoftwareΓ’β¬β’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3463 βΌ
π Read
via "National Vulnerability Database".
All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. Successful exploitation could allow an attacker to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3467 βΌ
π Read
via "National Vulnerability Database".
Privilege Escalation to root administrator (nsroot)π Read
via "National Vulnerability Database".
βΌ CVE-2023-3519 βΌ
π Read
via "National Vulnerability Database".
Unauthenticated remote code executionπ Read
via "National Vulnerability Database".
βΌ CVE-2023-3466 βΌ
π Read
via "National Vulnerability Database".
Reflected Cross-Site Scripting (XSS)π Read
via "National Vulnerability Database".
βΌ CVE-2023-37733 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3674 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted.π Read
via "National Vulnerability Database".
π¦Ώ 5 Deepfake Scams That Threaten Enterprises π¦Ώ
π Read
via "Tech Republic".
Forrester shines a light on the synthetic attacks that can cause organizations considerable headaches.π Read
via "Tech Republic".
TechRepublic
5 Deepfake Scams That Threaten Enterprises
Forrester shines a light on the synthetic attacks that can cause organizations considerable headaches.
π1
π¦Ώ Forresterβs Top 10 Emerging Technologies in 2023 and Beyond π¦Ώ
π Read
via "Tech Republic".
The research firm outlines when the average organization should expect a technology to deliver the benefits necessary to justify continued investment.π Read
via "Tech Republic".
TechRepublic
Forresterβs Top 10 Emerging Technologies in 2023 and Beyond
Discover the top 10 emerging technologies in 2023 from Forrester's report that will offer significant benefits for firms within two to four years.
βΌ CVE-2023-34429 βΌ
π Read
via "National Vulnerability Database".
Weintek Weincloud v0.13.6 could allow an attacker to cause a denial-of-service condition for Weincloud by sending a forged JWT token.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35134 βΌ
π Read
via "National Vulnerability Database".
Weintek Weincloud v0.13.6 could allow an attacker to reset a password with the corresponding accountΓ’β¬β’s JWT token only.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36853 βΌ
π Read
via "National Vulnerability Database".
?In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37362 βΌ
π Read
via "National Vulnerability Database".
Weintek Weincloud v0.13.6 could allow an attacker to abuse the registration functionality to login with testing credentials to the official website.π Read
via "National Vulnerability Database".