βΌ CVE-2023-3261 βΌ
π Read
via "National Vulnerability Database".
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary, including the ability to log in via the web server.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40293 βΌ
π Read
via "National Vulnerability Database".
Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a D-Bus connection object.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40292 βΌ
π Read
via "National Vulnerability Database".
Harman Infotainment 20190525031613 and later discloses the IP address via CarPlay CTRL packets.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40296 βΌ
π Read
via "National Vulnerability Database".
async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in ReceiveFrom and Receive in udpsocket.hpp when processing malformed UDP packets.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40283 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3262 βΌ
π Read
via "National Vulnerability Database".
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40294 βΌ
π Read
via "National Vulnerability Database".
libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_parseBlockI at i_parse_blk.c.π Read
via "National Vulnerability Database".
π¦Ώ Media Disposal Policy π¦Ώ
π Read
via "Tech Republic".
An organizationβs data and information possess tremendous value and must always be safeguarded. This policy from TechRepublic Premium helps ensure an organizationβs storage media are properly cleansed and sanitized prior to disposal, recycling or donation. From the policy: When disposing of damaged, unusable, obsolete, off-lease, decommissioned, old, or end-of-service-life equipment and media, the organization requires ...π Read
via "Tech Republic".
TechRepublic
Media Disposal Policy
An organizationβs data and information possess tremendous value and must always be safeguarded. This policy from TechRepublic Premium helps ensure an
β€1
βΌ CVE-2023-3266 βΌ
π Read
via "National Vulnerability Database".
A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator by selecting LDAP authentication from a hidden HTML combo box. Successful exploitation of this vulnerability also requires the attacker to know at least one username on the device, but any password will authenticate successfully.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3267 βΌ
π Read
via "National Vulnerability Database".
When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitization into CMD running as NT/Authority System. An authenticated attacker can leverage this vulnerability to execute arbitrary code with system-level access to the CyberPower PowerPanel Enterprise server.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3264 βΌ
π Read
via "National Vulnerability Database".
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials.Successful exploitation allows the malicious agent to obtain a valid authorization token and read information relating to the state of the relays and power distribution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3265 βΌ
π Read
via "National Vulnerability Database".
An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to login into the application with the default user "cyberpower" by appending a non-printable character.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator with hardcoded default credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40305 βΌ
π Read
via "National Vulnerability Database".
GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3263 βΌ
π Read
via "National Vulnerability Database".
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials.Successful exploitation allows the malicious agent to obtain a valid authorization token and read information relating to the state of the relays and power distribution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40303 βΌ
π Read
via "National Vulnerability Database".
GNU inetutils through 2.4 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.π Read
via "National Vulnerability Database".
π΄ 5 Ways CISA Can Help Cyber-Poor Small Businesses & Local Governments π΄
π Read
via "Dark Reading".
Adopting these recommendations will help SMBs and public-sector agencies that must deal with the same questions of network security and data safety as their larger cousins, but without the same resources.π Read
via "Dark Reading".
Dark Reading
5 Ways CISA Can Help Cyber-Poor Small Businesses & Local Governments
Adopting these recommendations will help SMBs and public-sector agencies that must deal with the same questions of network security and data safety as their larger cousins, but without the same resources.
βΌ CVE-2023-30186 βΌ
π Read
via "National Vulnerability Database".
A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30187 βΌ
π Read
via "National Vulnerability Database".
An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30188 βΌ
π Read
via "National Vulnerability Database".
Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37847 βΌ
π Read
via "National Vulnerability Database".
novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37070 βΌ
π Read
via "National Vulnerability Database".
Code Projects Hospital Information System 1.0 is vulnerable to Cross Site Scripting (XSS)π Read
via "National Vulnerability Database".