βΌ CVE-2023-21285 βΌ
π Read
via "National Vulnerability Database".
In setMetadata of MediaSessionRecord.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21290 βΌ
π Read
via "National Vulnerability Database".
In update of MmsProvider.java, there is a possible way to bypass file permission checks due to a race condition. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27947 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21275 βΌ
π Read
via "National Vulnerability Database".
In decideCancelProvisioningDialog of AdminIntegratedFlowPrepareActivity.java, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21280 βΌ
π Read
via "National Vulnerability Database".
In setMediaButtonBroadcastReceiver of MediaSessionRecord.java, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21292 βΌ
π Read
via "National Vulnerability Database".
In openContentUri of ActivityManagerService.java, there is a possible way for a third party app to obtain restricted files due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32876 βΌ
π Read
via "National Vulnerability Database".
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13. A shortcut may be able to view the hidden photos album without authentication.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48503 βΌ
π Read
via "National Vulnerability Database".
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21273 βΌ
π Read
via "National Vulnerability Database".
In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21274 βΌ
π Read
via "National Vulnerability Database".
In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21282 βΌ
π Read
via "National Vulnerability Database".
In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21271 βΌ
π Read
via "National Vulnerability Database".
In parseInputs of ShimPreparedModel.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46725 βΌ
π Read
via "National Vulnerability Database".
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21233 βΌ
π Read
via "National Vulnerability Database".
In multiple locations of avrc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4347 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0.π Read
via "National Vulnerability Database".
β€2π1
βΌ CVE-2023-4308 βΌ
π Read
via "National Vulnerability Database".
The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Γ’β¬Λuser-submitted-contentΓ’β¬β’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2916 βΌ
π Read
via "National Vulnerability Database".
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. It can only be exploited if the plugin has not been configured yet. If combined with another arbitrary plugin installation and activation vulnerability, it may be possible to connect a site to InfiniteWP which would make remote management possible and allow for elevation of privileges.π Read
via "National Vulnerability Database".
π’ More than 100,000 hackers have details exposed through malware on cyber crime forums π’
π Read
via "ITPro".
Hackers accidentally falling foul of malware is becoming more common, researchers said π Read
via "ITPro".
ITProUK
More than 100,000 hackers have details exposed through malware on cyber crime forums
Hackers accidentally falling foul of malware is becoming more common, researchers said
π΄ How & Why Cybercriminals Fabricate Data Leaks π΄
π Read
via "Dark Reading".
A closer look at the nature of fake leaks can provide guidance on how to effectively mitigate associated risks.π Read
via "Dark Reading".
Dark Reading
How & Why Cybercriminals Fabricate Data Leaks
A closer look at the nature of fake leaks can provide guidance on how to effectively mitigate associated risks.
βΌ CVE-2023-24478 βΌ
π Read
via "National Vulnerability Database".
Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux before version 22.4 may allow an authenticated user to potentially enable information disclosure via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30778 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry plugin <=Γ 10.0.1 versions.π Read
via "National Vulnerability Database".