βΌ CVE-2023-38939 βΌ
π Read
via "National Vulnerability Database".
Tenda F1202 V1.2.0.9 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the mit_ssid parameter in the formWrlsafeset function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39363 βΌ
π Read
via "National Vulnerability Database".
Vyer is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of conditions is required to result in misbehavior of affected contracts, specifically: a `.vy` contract compiled with `vyper` versions `0.2.15`, `0.2.16`, or `0.3.0`; a primary function that utilizes the `@nonreentrant` decorator with a specific `key` and does not strictly follow the check-effects-interaction pattern (i.e. contains an external call to an untrusted party before storage updates); and a secondary function that utilizes the same `key` and would be affected by the improper state caused by the primary function. Version 0.3.1 contains a fix for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38935 βΌ
π Read
via "National Vulnerability Database".
Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a tack overflow via the list parameter in the formSetQosBand function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38937 βΌ
π Read
via "National Vulnerability Database".
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4012 βΌ
π Read
via "National Vulnerability Database".
ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3).π Read
via "National Vulnerability Database".
βΌ CVE-2023-39349 βΌ
π Read
via "National Vulnerability Database".
Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query `/api/0/api-tokens/` for a list of all tokens created by a user, including tokens with greater scopes, and use those tokens in other requests. There is no evidence that the issue was exploited on `sentry.io`. For self-hosted users, it is advised to rotate user auth tokens. A fix is available in version 23.7.2 of `sentry` and `self-hosted`. There are no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38940 βΌ
π Read
via "National Vulnerability Database".
Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38936 βΌ
π Read
via "National Vulnerability Database".
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38157 βΌ
π Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-36499 βΌ
π Read
via "National Vulnerability Database".
Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_wifi_change.cgi.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4199 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file catagory_data.php. The manipulation of the argument columns[1][data] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236289 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38934 βΌ
π Read
via "National Vulnerability Database".
Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) was discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36054 βΌ
π Read
via "National Vulnerability Database".
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38931 βΌ
π Read
via "National Vulnerability Database".
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38930 βΌ
π Read
via "National Vulnerability Database".
Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38933 βΌ
π Read
via "National Vulnerability Database".
Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38938 βΌ
π Read
via "National Vulnerability Database".
Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter at /L7Im.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38928 βΌ
π Read
via "National Vulnerability Database".
Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi.π Read
via "National Vulnerability Database".
π΄ Akamai Research: Rampant Abuse of Zero-Day and One-Day Vulnerabilities Leads to 143% Increase in Victims of Ransomware π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Akamai Research: Rampant Abuse of Zero-Day and One-Day Vulnerabilities Leads to 143% Increase in Victims of Ransomware
CAMBRIDGE, Mass., Aug. 7, 2023 /PRNewswire/ -- Akamai Technologies, Inc. (NASDAQ: AKAM), the cloud company that powers and protects life online, today released a new State of the Internet report that spotlights the evolving ransomware landscape. Ransomwareβ¦
π΄ SecurityScorecard Launches Managed Cyber Risk Services to Mitigate Zero-Day and Critical Supply Chain Vulnerabilities π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
SecurityScorecard Launches Managed Cyber Risk Services to Mitigate Zero-Day and Critical Supply Chain Vulnerabilities
BLACK HAT 2023, LAS VEGAS β August 7, 2023 β SecurityScorecard today announced new partner-focused Managed Cyber Risk Services designed to help customers of all types and sizes operationalize third-party cyber risk management. With 98% of organizations havingβ¦
βΌ CVE-2023-39525 βΌ
π Read
via "National Vulnerability Database".
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, in the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path that uses the traversal path. Version 8.1.1 contains a patch for this issue. There are no known workarounds.π Read
via "National Vulnerability Database".