‼ CVE-2023-21267 ‼
via "National Vulnerability Database".
In doKeyguardLocked of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
‼ CVE-2023-2802 ‼
via "National Vulnerability Database".
The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
‼ CVE-2023-21134 ‼
via "National Vulnerability Database".
In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.
‼ CVE-2023-21269 ‼
via "National Vulnerability Database".
In startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
‼ CVE-2023-40024 ‼
via "National Vulnerability Database".
ScanCode.io is a server to script and automate software composition analysis pipelines. In the `/license/` endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting (XSS) vulnerability when attempting to access a detailed license view that does not exist. Attackers can exploit this vulnerability to inject malicious scripts into the response generated by the `license_details_view` function. When unsuspecting users visit the page, their browsers will execute the injected scripts, leading to unauthorized actions, session hijacking, or stealing sensitive information. This issue has been addressed in release `32.5.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
‼ CVE-2023-20965 ‼
via "National Vulnerability Database".
In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
‼ CVE-2023-3721 ‼
via "National Vulnerability Database".
The WP-EMail WordPress plugin before 2.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
‼ CVE-2023-39828 ‼
via "National Vulnerability Database".
Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet function.
‼ CVE-2023-21265 ‼
via "National Vulnerability Database".
In multiple locations, there are root CA certificates which need to be disabled. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
‼ CVE-2023-39827 ‼
via "National Vulnerability Database".
Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the rule_info parameter in the formAddMacfilterRule function.
‼ CVE-2023-38687 ‼
via "National Vulnerability Database".
Svelecte is a flexible autocomplete/select component written in Svelte. Svelecte item names are rendered as raw HTML with no escaping. This allows the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever a Svelecte dropdown is opened. Item names given to Svelecte appear to be directly rendered as HTML by the default item renderer. This means that any HTML tags in the name are rendered as HTML elements not as text. Note that the custom item renderer shown in https://mskocik.github.io/svelecte/#item-rendering is also vulnerable to the same exploit. Any site that uses Svelecte with dynamically created items either from an external source or from user-created content could be vulnerable to an XSS attack (execution of untrusted JavaScript), clickjacking or any other attack that can be performed with arbitrary HTML injection. The actual impact of this vulnerability for a specific application depends on how trustworthy the sources that provide Svelecte items are and the steps that the application has taken to mitigate XSS attacks. XSS attacks using this vulnerability are mostly mitigated by a Content Security Policy that blocks inline JavaScript. This issue has been addressed in version 3.16.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
‼ CVE-2023-21242 ‼
via "National Vulnerability Database".
In isServerCertChainValid of InsecureEapNetworkHandler.java, there is a possible way to trust an imposter server due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
‼ CVE-2022-4953 ‼
via "National Vulnerability Database".
The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs.
‼ CVE-2023-3435 ‼
via "National Vulnerability Database".
The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using them in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks.
🦿 At Black Hat, Splunk, AWS, IBM Security and Others Launch Open Source Cybersecurity Framework 🦿
via "Tech Republic".
With security schema, Splunk and collaborators aim to transform alert telemetry from cacophony to chorus with one taxonomy across vendors and tools.
“Grab hold and give it a wiggle” – ATM card skimming is still a thing
via "Naked Security".
The rise of tap-to-pay and chip-and-PIN hasn't rid the world of ATM card skimming criminals...
‼ CVE-2023-21276 ‼
via "National Vulnerability Database".
In writeToParcel of CursorWindow.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
‼ CVE-2023-21231 ‼
via "National Vulnerability Database".
In getIntentForButton of ButtonManager.java, there is a possible way for an unprivileged application to start a non-exported or permission-protected activity due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
‼ CVE-2022-46706 ‼
via "National Vulnerability Database".
A type confusion issue was addressed with improved state handling. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to execute arbitrary code with kernel privileges.
‼ CVE-2023-21281 ‼
via "National Vulnerability Database".
In multiple functions of KeyguardViewMediator.java, there is a possible failure to lock after screen timeout due to a logic error in the code. This could lead to local escalation of privilege across users with no additional execution privileges needed. User interaction is not needed for exploitation.
‼ CVE-2023-35689 ‼
via "National Vulnerability Database".
In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.