‼ CVE-2023-38684 ‼
via "National Vulnerability Database".
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being accepted. Without an upper bound, the software may allow arbitrary users to generate DB queries which may end up exhausting the resources on the server. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability.
‼ CVE-2023-37906 ‼
via "National Vulnerability Database".
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can edit a post in a topic and cause a DoS with a carefully crafted edit reason. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability.
‼ CVE-2023-38685 ‼
via "National Vulnerability Database".
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, information about restricted-visibility topic tags could be obtained by unauthorized users. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches.
‼ CVE-2023-38498 ‼
via "National Vulnerability Database".
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can prevent the defer queue from proceeding promptly on sites hosted in the same multisite installation. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability. Users of multisite configurations should upgrade.
‼ CVE-2023-3488 ‼
via "National Vulnerability Database".
Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file.
🦿 OpenAI, Microsoft, Google, Anthropic Launch Frontier Model Forum to Promote Safe AI 🦿
via "Tech Republic".
The forum's goal is to establish "guardrails" to mitigate the risk of AI. Learn about the group's four core objectives, as well as the criteria for membership.
🦿 How to Use NordVPN Meshnet for Free 🦿
via "Tech Republic".
The free NordVPN Meshnet helps you create your own VPN tunnel to securely and directly connect different devices. Learn more about Meshnet and how to set it up in this guide.
‼ CVE-2023-3598 ‼
via "National Vulnerability Database".
Out of bounds read and write in ANGLE in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
‼ CVE-2023-38988 ‼
via "National Vulnerability Database".
An issue in the delete function in the OaNotifyController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete notifications created by Administrators.
‼ CVE-2021-4316 ‼
via "National Vulnerability Database".
Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to spoof browser UI via a crafted HTML page. (Chromium security severity: Low)
‼ CVE-2022-4910 ‼
via "National Vulnerability Database".
Inappropriate implementation in Autofill in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
‼ CVE-2021-4322 ‼
via "National Vulnerability Database".
Use after free in DevTools in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)
‼ CVE-2022-4920 ‼
via "National Vulnerability Database".
Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
‼ CVE-2022-4915 ‼
via "National Vulnerability Database".
Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
‼ CVE-2021-4321 ‼
via "National Vulnerability Database".
Policy bypass in Blink in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
‼ CVE-2022-4908 ‼
via "National Vulnerability Database".
Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
‼ CVE-2022-4925 ‼
via "National Vulnerability Database".
Insufficient validation of untrusted input in QUIC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform header splitting via malicious network traffic. (Chromium security severity: Low)
‼ CVE-2022-4919 ‼
via "National Vulnerability Database".
Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
‼ CVE-2021-4319 ‼
via "National Vulnerability Database".
Use after free in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
‼ CVE-2022-4917 ‼
via "National Vulnerability Database".
Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed a remote attacker to obscure the full screen notification via a crafted HTML page. (Chromium security severity: Low)
‼ CVE-2023-2311 ‼
via "National Vulnerability Database".
Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)