βΌ CVE-2023-2309 βΌ
π Read
via "National Vulnerability Database".
The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected Cross-Site Scripting vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2761 βΌ
π Read
via "National Vulnerability Database".
The User Activity Log WordPress plugin before 1.6.3 does not properly sanitise and escape the `txtsearch` parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-3344 βΌ
π Read
via "National Vulnerability Database".
The Auto Location for WP Job Manager via Google WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)π Read
via "National Vulnerability Database".
βΌ CVE-2023-3248 βΌ
π Read
via "National Vulnerability Database".
The All-in-one Floating Contact Form WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)π Read
via "National Vulnerability Database".
π2
βΌ CVE-2022-28867 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf templateName parameter is used.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28864 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf templateName parameter is used.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28863 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Nokia NetAct 22. A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28865 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3863 βΌ
π Read
via "National Vulnerability Database".
A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30280 βΌ
π Read
via "National Vulnerability Database".
/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. A remote attacker is able to create users with arbitrary privileges, even administrative privileges. The application (even if it implements a CSRF token for the random GET request) does not ever verify a CSRF token. With a little help of social engineering/phishing (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.π Read
via "National Vulnerability Database".
β Hacking police radios: 30-year-old crypto flaws in the spotlight β
π Read
via "Naked Security".
"Three may keep a secret, if two of them are dead."π Read
via "Naked Security".
Sophos News
Hacking police radios: 30-year-old crypto flaws in the spotlight
βThree may keep a secret, if two of them are dead.β
βΌ CVE-2023-3384 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex (validation.py), the same validation isnot performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to a public registry containing a script that can be executed via Cross-site scripting (XSS).π Read
via "National Vulnerability Database".
βΌ CVE-2023-3748 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32258 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-3640 βΌ
π Read
via "National Vulnerability Database".
A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1386 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3567 βΌ
π Read
via "National Vulnerability Database".
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This flaw allows an attacker with local user access to cause a system crash or leak internal kernel information.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32252 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33952 βΌ
π Read
via "National Vulnerability Database".
A double-free vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of vmw_buffer_object objects. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. This flaw allows a local privileged user to escalate privileges and execute code in the context of the kernel.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3745 βΌ
π Read
via "National Vulnerability Database".
A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3019 βΌ
π Read
via "National Vulnerability Database".
A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.π Read
via "National Vulnerability Database".