🕴 'Downfall' Bug in Billions of Intel CPUs Reveals Major Design Flaw 🕴
A newly revealed flaw affects a good chunk of the world's computers. A patch has been released, but broad, structural change in CPU design will be required to address the root cause.
via "Dark Reading".
‼ CVE-2023-39001 ‼
A command injection vulnerability in the component diag_backup.php of OPNsense before 23.7 allows attackers to execute arbitrary commands via a crafted backup configuration file.
via "National Vulnerability Database".
‼ CVE-2022-48600 ‼
A SQL injection vulnerability exists in the "notes view" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
via "National Vulnerability Database".
‼ CVE-2022-48587 ‼
A SQL injection vulnerability exists in the "schedule editor" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
via "National Vulnerability Database".
‼ CVE-2022-48585 ‼
A SQL injection vulnerability exists in the "admin brand portal" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
via "National Vulnerability Database".
‼ CVE-2023-39000 ‼
A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense before 23.7 allows attackers to inject arbitrary JavaScript via the URL path.
via "National Vulnerability Database".
‼ CVE-2022-48596 ‼
A SQL injection vulnerability exists in the "ticket queue watchers" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
via "National Vulnerability Database".
‼ CVE-2023-39008 ‼
A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense before 23.7 allows attackers to execute arbitrary system commands.
via "National Vulnerability Database".
‼ CVE-2022-48589 ‼
A SQL injection vulnerability exists in the "reporting job editor" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
via "National Vulnerability Database".
‼ CVE-2023-39002 ‼
A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense before 23.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
via "National Vulnerability Database".
‼ CVE-2022-48593 ‼
A SQL injection vulnerability exists in the "topology data service" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
via "National Vulnerability Database".
‼ CVE-2022-48595 ‼
A SQL injection vulnerability exists in the "ticket template watchers" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
via "National Vulnerability Database".
‼ CVE-2022-48591 ‼
A SQL injection vulnerability exists in the vendor_state parameter of the "vendor print report" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
via "National Vulnerability Database".
‼ CVE-2022-48580 ‼
A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
via "National Vulnerability Database".
‼ CVE-2022-48598 ‼
A SQL injection vulnerability exists in the "reporter events type date" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
via "National Vulnerability Database".
‼ CVE-2023-38999 ‼
A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense before 23.7 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
via "National Vulnerability Database".
‼ CVE-2023-39004 ‼
Insecure permissions in the configuration directory (/conf/) of OPNsense before 23.7 allow attackers to access sensitive information (e.g., the hashed root password), which could lead to privilege escalation.
via "National Vulnerability Database".
‼ CVE-2022-48599 ‼
A SQL injection vulnerability exists in the "reporter events type" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
via "National Vulnerability Database".
‼ CVE-2022-48592 ‼
A SQL injection vulnerability exists in the vendor_country parameter of the "vendor print report" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
via "National Vulnerability Database".
‼ CVE-2023-39007 ‼
/ui/cron/item/open in the Cron component of OPNsense before 23.7 allows XSS.
via "National Vulnerability Database".
‼ CVE-2023-38998 ‼
An open redirect in the Login page of OPNsense before 23.7 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL.
via "National Vulnerability Database".