βΌ CVE-2023-4136 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4132 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4138 βΌ
π Read
via "National Vulnerability Database".
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2754 βΌ
π Read
via "National Vulnerability Database".
The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network which enables an Attacker to view DNS queries made by the device.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28468 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4133 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39096 βΌ
π Read
via "National Vulnerability Database".
WebBoss.io CMS v3.7.0.1 contains a stored Cross-Site Scripting (XSS) vulnerability due to lack of input validation and output encoding.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25600 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed in version 01.01.04.0016.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3766 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients and enables an attackerΓ with knowledge of this vulnerability to craft and send specially designed encrypted queries to targeted ODOH servers running with odoh-rs. Upon successful exploitation, the server will crash abruptly, disrupting its normal operation and rendering the service temporarily unavailable.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36298 βΌ
π Read
via "National Vulnerability Database".
DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE).π Read
via "National Vulnerability Database".
βΌ CVE-2023-38812 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3180 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36299 βΌ
π Read
via "National Vulnerability Database".
A File Upload vulnerability in typecho v.1.2.1 allows a remote attacker to execute arbitrary code via the upload and options-general parameters in index.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3348 βΌ
π Read
via "National Vulnerability Database".
The Wrangler command line tool (<=wrangler@3.1.0) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39097 βΌ
π Read
via "National Vulnerability Database".
WebBoss.io CMS v3.7.0.1 contains a stored cross-site scripting (XSS) vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22277 βΌ
π Read
via "National Vulnerability Database".
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26838 βΌ
π Read
via "National Vulnerability Database".
Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service (DoS) condition.π Read
via "National Vulnerability Database".
β€1
π΄ World Cup Glory Looms, and So Do Cyber Threats, Microsoft Warns π΄
π Read
via "Dark Reading".
The attack surface of a live event like this summerβs World Cup in Australia and New Zealand rivals that of a large multinational enterprise, or even a small city.π Read
via "Dark Reading".
Dark Reading
World Cup Glory Looms, and So Do Cyber Threats, Microsoft Warns
The attack surface of a live event like this summerβs World Cup in Australia and New Zealand rivals that of a large multinational enterprise, or even a small city.
π΄ As Artificial Intelligence Accelerates, Cybercrime Innovates π΄
π Read
via "Dark Reading".
Rare government, industry alignment on AI threats means we have an opportunity to make rapid strides to improve cybersecurity and slip the hold cybercriminals have on us.π Read
via "Dark Reading".
Dark Reading
As Artificial Intelligence Accelerates, Cybercrime Innovates
Rare government, industry alignment on AI threats means we have an opportunity to make rapid strides to improve cybersecurity and slip the hold cybercriminals have on us.
π΄ Exclusive: CISA Sounds the Alarm on UEFI Security π΄
π Read
via "Dark Reading".
Had Microsoft had adopted a more secure update path to mitigate the BlackLotus UEFI bootkit, it might already be eliminated, a CISA official says.π Read
via "Dark Reading".
Dark Reading
Exclusive: CISA Sounds the Alarm on UEFI Security
Had Microsoft had adopted a more secure update path to mitigate the BlackLotus UEFI bootkit, it might already be eliminated, a CISA official says.
π¦Ώ Cisco announces general availability of XDR platform π¦Ώ
π Read
via "Tech Republic".
In alliance with Cohesity and others, Cisco is fueling near-zero latency between ransomware detection and remediation with its Extended Detection and Response platform.π Read
via "Tech Republic".
TechRepublic
Cisco Announces General Availability of XDR Platform
In alliance with Cohesity and others, Cisco is fueling near-zero latency between ransomware detection and remediation with its Extended Detection and Response platform.